CVE-2025-21933

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Apr 1, 2025

Updated: Apr 10, 2025

CWE ID 476

Summary

CVE-2025-21933 is a kernel vulnerability affecting Linux systems that involves a NULL pointer dereference issue in the function update_mmu_cache_range(). This problem arises when the vmf parameter passed to update_mmu_cache() is NULL, leading to an issue in adjust_pte(). The vulnerability can cause a kernel NULL pointer dereference and may result in a system crash. The fix for this issue involves making decisions about holding the pte lock based on the configuration flag CONFIG_SPLIT_PTE_PTLOCKS rather than the value of 'ptl'. Additionally, when two virtual memory areas (vmas) map to the same page table entry (PTE), the pte lock should not be acquired again to avoid a deadlock. This vulnerability was discovered on the Atmel AT91SAM9 hardware platform.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners