Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned the code ends up calling apply_to_pte_range() with that unaligned address causing soft lockup. Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.9, < 6.12.17 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/517e8a7835e8cfb398a0aeb0133de50e31cae32bPatch
- https://git.kernel.org/stable/c/787d556a3de447e70964a4bdeba9196f62a62b1ePatch
- https://git.kernel.org/stable/c/c1f3f3892d4526f18aaeffdb6068ce861e793ee3Patch
FAQ
What is CVE-2025-21851?
CVE-2025-21851 is a vulnerability with a CVSS score of 3.3 (LOW). In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause...
How severe is CVE-2025-21851?
CVE-2025-21851 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-21851?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.