Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2025-21869 | First vendor Publication | 2025-03-27 |
| Vendor | Cve | Last vendor Modification | 2025-03-27 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (power9) with kernel 6.13: [ 12.028126] ================================================================== [ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0 [ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1 [ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3 [ 12.028408] Tainted: [T]=RANDSTRUCT [ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV [ 12.028500] Call Trace: [ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable) [ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708 [ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300 [ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370 [ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40 [ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0 [ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210 [ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590 [ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0 [ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0 [ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930 [ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280 [ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370 [ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00 [ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40 [ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610 [ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280 [ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8 [ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000 [ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty) [ 12.029735] MSR: 900000000280f032 Commit c28c15b6d28a ("powerpc/code-patching: Use temporary mm for Radix MMU") is inspired from x86 but unlike x86 is doesn't disable KASAN reports during patching. This wasn't a problem at the begining because __patch_mem() is not instrumented. Commit 465cabc97b42 ("powerpc/code-patching: introduce patch_instructions()") use copy_to_kernel_nofault() to copy several instructions at once. But when using temporary mm the destination is not regular kernel memory but a kind of kernel-like memory located in user address space. ---truncated--- |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21869 |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-04-21 05:53:06 |
|
| 2025-04-21 05:52:40 |
|
| 2025-04-20 14:17:25 |
|
| 2025-04-20 14:17:11 |
|
| 2025-04-20 07:31:08 |
|
| 2025-04-20 07:30:49 |
|
| 2025-04-19 14:17:42 |
|
| 2025-04-19 14:17:27 |
|
| 2025-04-19 06:17:30 |
|
| 2025-04-19 06:17:15 |
|
| 2025-04-18 16:36:05 |
|
| 2025-04-18 16:35:52 |
|
| 2025-04-18 03:17:54 |
|
| 2025-04-18 03:17:37 |
|
| 2025-04-17 14:17:17 |
|
| 2025-04-17 14:17:03 |
|
| 2025-04-17 06:47:43 |
|
| 2025-04-17 06:47:26 |
|
| 2025-04-16 14:22:57 |
|
| 2025-04-16 14:22:43 |
|
| 2025-04-16 07:05:38 |
|
| 2025-04-16 07:05:23 |
|
| 2025-04-15 14:18:48 |
|
| 2025-04-15 14:18:33 |
|
| 2025-04-15 05:10:11 |
|
| 2025-04-15 05:09:57 |
|
| 2025-04-14 15:57:27 |
|
| 2025-04-14 15:57:14 |
|
| 2025-04-14 04:56:54 |
|
| 2025-04-14 04:56:05 |
|
| 2025-04-13 15:25:10 |
|
| 2025-04-13 15:24:56 |
|
| 2025-04-13 03:26:21 |
|
| 2025-04-13 03:26:06 |
|
| 2025-04-12 14:17:25 |
|
| 2025-04-12 14:17:11 |
|
| 2025-04-12 04:33:24 |
|
| 2025-04-12 04:32:58 |
|
| 2025-04-11 14:45:03 |
|
| 2025-04-11 14:44:49 |
|
| 2025-04-11 03:25:15 |
|
| 2025-04-11 03:25:01 |
|
| 2025-04-10 14:19:48 |
|
| 2025-04-10 14:19:34 |
|
| 2025-04-10 03:35:25 |
|
| 2025-04-10 03:35:09 |
|
| 2025-04-09 14:19:35 |
|
| 2025-04-09 14:19:21 |
|
| 2025-04-09 03:20:46 |
|
| 2025-04-09 03:20:31 |
|
| 2025-04-08 14:16:12 |
|
| 2025-04-08 14:15:58 |
|
| 2025-04-08 03:22:08 |
|
| 2025-04-08 03:21:53 |
|
| 2025-04-07 14:15:29 |
|
| 2025-04-07 14:15:15 |
|
| 2025-04-07 03:16:16 |
|
| 2025-04-07 03:16:02 |
|
| 2025-04-06 14:15:20 |
|
| 2025-04-06 14:15:06 |
|
| 2025-04-06 03:17:39 |
|
| 2025-04-06 03:17:25 |
|
| 2025-04-05 14:18:49 |
|
| 2025-04-05 14:18:35 |
|
| 2025-04-05 03:22:35 |
|
| 2025-04-05 03:22:21 |
|
| 2025-04-04 14:16:56 |
|
| 2025-04-04 14:16:42 |
|
| 2025-04-04 03:15:49 |
|
| 2025-04-04 03:15:35 |
|
| 2025-04-03 15:09:52 |
|
| 2025-04-03 15:09:32 |
|
| 2025-04-03 03:14:52 |
|
| 2025-04-03 03:14:38 |
|
| 2025-04-02 14:15:32 |
|
| 2025-04-02 14:15:19 |
|
| 2025-04-02 03:15:44 |
|
| 2025-04-02 03:15:29 |
|
| 2025-04-01 14:15:21 |
|
| 2025-04-01 14:15:07 |
|
| 2025-03-31 17:20:34 |
|
| 2025-03-27 17:20:57 |
|
