Bug 2351606 (CVE-2025-21851) - CVE-2025-21851 kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel
Summary: CVE-2025-21851 kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel
Keywords:
Status: NEW
Alias: CVE-2025-21851
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-03-12 12:23 UTC by OSIDB Bzimport
Modified: 2025-03-20 13:06 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-03-12 12:23:19 UTC
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix softlockup in arena_map_free on 64k page kernel

On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y,
arena_htab tests cause a segmentation fault and soft lockup.
The same failure is not observed with 4k pages on aarch64.

It turns out arena_map_free() is calling
apply_to_existing_page_range() with the address returned by
bpf_arena_get_kern_vm_start().  If this address is not page-aligned
the code ends up calling apply_to_pte_range() with that unaligned
address causing soft lockup.

Fix it by rounding up GUARD_SZ to PAGE_SIZE << 1 so that the
division by 2 in bpf_arena_get_kern_vm_start() returns
a page-aligned value.
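
The alignment problem described above, as a simplified user-space model (an added example, not the kernel's code or the upstream patch). It assumes the pre-fix GUARD_SZ is 64 KiB, a page-aligned region base, and a page walk that stops only when the address equals a page-aligned end; `guard_sz`, `walk_pages` and `simulate` are hypothetical helper names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define GUARD_RAW (1ULL << 16) /* assumption: pre-fix GUARD_SZ is 64 KiB */

static uint64_t round_up_u64(uint64_t v, uint64_t a) { return (v + a - 1) / a * a; }

/* GUARD_SZ before the fix (fixed size) and after it (rounded up to PAGE_SIZE << 1). */
static uint64_t guard_sz(uint64_t page_size, bool fixed)
{
    return fixed ? round_up_u64(GUARD_RAW, page_size << 1) : GUARD_RAW;
}

/* Models bpf_arena_get_kern_vm_start(): region base plus half of the guard. */
static uint64_t kern_vm_start(uint64_t base, uint64_t page_size, bool fixed)
{
    return base + guard_sz(page_size, fixed) / 2;
}

/*
 * Hypothetical model of a per-page walk that stops only when addr == end.
 * Returns the pages visited, or -1 when addr steps past the page-aligned
 * end without matching it; a walk with no such bail-out never terminates.
 */
static long walk_pages(uint64_t addr, uint64_t end, uint64_t page_size)
{
    long visited = 0;
    do {
        visited++;
        addr += page_size;
        if (addr > end)
            return -1;
    } while (addr != end);
    return visited;
}

/* Walk from the computed start to a constructed boundary 16 pages above base. */
static long simulate(uint64_t page_size, bool fixed)
{
    const uint64_t base = 0x100000000ULL; /* constructed, 64 KiB aligned */
    return walk_pages(kern_vm_start(base, page_size, fixed),
                      base + 16 * page_size, page_size);
}

int main(void)
{
    printf("4k old=%ld 64k old=%ld 64k fixed=%ld\n", simulate(0x1000, false), simulate(0x10000, false), simulate(0x10000, true));
    return 0;
}
```

With 4k pages the half-guard offset (32 KiB) is already a page multiple, which matches the description's note that the failure is not seen there.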

Comment 1 Mauro Matteo Cascella 2025-03-12 15:16:58 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025031213-CVE-2025-21851-87bd@gregkh/T

