| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page. However folio lock must be held before\ncalling try_to_unmap. Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n ------------[ cut here ]------------\n kernel BUG at ./include/linux/swapops.h:400!\n Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n Modules linked in:\n CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n Tainted: [W]=WARN\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : try_to_unmap_one+0xb08/0xd3c\n lr : try_to_unmap_one+0x3dc/0xd3c\n Call trace:\n try_to_unmap_one+0xb08/0xd3c (P)\n try_to_unmap_one+0x3dc/0xd3c (L)\n rmap_walk_anon+0xdc/0x1f8\n rmap_walk+0x3c/0x58\n try_to_unmap+0x88/0x90\n unmap_poisoned_folio+0x30/0xa8\n do_migrate_range+0x4a0/0x568\n offline_pages+0x5a4/0x670\n memory_block_action+0x17c/0x374\n memory_subsys_offline+0x3c/0x78\n device_offline+0xa4/0xd0\n state_store+0x8c/0xf0\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x44/0x54\n kernfs_fop_write_iter+0x118/0x1a8\n vfs_write+0x3a8/0x4bc\n ksys_write+0x6c/0xf8\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x44/0x100\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xd0\n el0t_64_sync_handler+0xc8/0xcc\n el0t_64_sync+0x198/0x19c\n Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n ---[ end trace 0000000000000000 ]---" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "mm/memory_hotplug.c" |
| ], |
| "versions": [ |
| { |
| "version": "b15c87263a69272423771118c653e9a1d0672caa", |
| "lessThan": "3926b572fd073491bde13ec42ee08ac1b337bf4d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b15c87263a69272423771118c653e9a1d0672caa", |
| "lessThan": "93df6da64b004f75d307ed08d3f0f1020280d339", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b15c87263a69272423771118c653e9a1d0672caa", |
| "lessThan": "576a2f4c437c19bec7d05d05b5990f178d2b0f40", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b15c87263a69272423771118c653e9a1d0672caa", |
| "lessThan": "629dfc6ba5431056701d4e44830f3409b989955a", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "b15c87263a69272423771118c653e9a1d0672caa", |
| "lessThan": "af288a426c3e3552b62595c6138ec6371a17dbba", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "85ef35ab972b7484f41c3bb2bbc79de212e19129", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "060853fdd434ce620dd1dd7619ede834bd33b9d0", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "cb1206e85df291fefde27401190329e26996c54c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "2c25071bed4b1f9c4cfb10a7914847d7069794bf", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "2c87072a3bf9bbcd747618bb2ccc3cd0da181db6", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "a2b977e3d9e4298d28ebe5cfff9e0859b74a7ac7", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "mm/memory_hotplug.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.0", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.0", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.140", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.92", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.19", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13.7", |
| "lessThanOrEqual": "6.13.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.14", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "6.1.140" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "6.6.92" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "6.12.19" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "6.13.7" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.0", |
| "versionEndExcluding": "6.14" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.16.65" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.4.170" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.9.150" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.14.93" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.19.15" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.20.2" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbba" |
| } |
| ], |
| "title": "hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2025-21931", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
