CVE-2025-21984
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2025-21984 is a vulnerability in the Linux kernel's mm (memory management) subsystem, specifically in the userfaultfd_move() function. The function incorrectly assumes that if a Page Table Entry (PTE) is a swap entry, it cannot reference a folio that remains in the swap cache. That assumption does not hold, which leads to a race condition. When a folio is added to the swap cache, its index is updated. Simultaneously, PTEs may be converted to swap entries, and the folio may be written back to disk. If userfaultfd_move() runs between these steps, it may access the destination with an outdated index, causing do_swap_page() to locate the folio in the swap cache and detect a mismatch.

Depending on the system configuration, this issue can lead to critical problems. If Kernel Samepage Merging (KSM) is disabled, small and large folios can trigger bugs during the add_rmap operation because the folio's index does not match the virtual memory area's address. This can result in system crashes and potential data corruption.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX