CVE-2025-21861
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's memory migration subsystem where folios (memory pages) with cleared memory cgroup data are incorrectly added to the LRU (Least Recently Used) list before being freed. This causes kernel warnings and potential memory corruption. Affects Linux systems using memory migration features like HMM (Heterogeneous Memory Management).
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to memory corruption, potentially leading to denial of service or privilege escalation if combined with other vulnerabilities.
Likely Case
Kernel warning messages in logs and potential system instability during memory migration operations, but no direct exploitation path to privilege escalation.
If Mitigated
Minor performance impact from unnecessary LRU operations and kernel warnings in logs during memory migration tests.
🎯 Exploit Status
Primarily a reliability issue discovered through kernel selftests. No known exploitation in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 069dd21ea8262204f94737878389c2815a054a9e, 20fb6fc51863fbff7868de8b5f6d249d2094df1f, 3f9240d59e9a95d19f06120bfd1d0e681c6c0ac7, 41cddf83d8b00f29fd105e7a0777366edc69a5cf, 4f52f7c50f5b6f5eeb06823e21fe546d90f9c595
Vendor Advisory: https://git.kernel.org/stable/c/069dd21ea8262204f94737878389c2815a054a9e
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable HMM memory migration
linuxPrevent triggering of the vulnerable code path by disabling Heterogeneous Memory Management features if not required.
echo 0 > /sys/kernel/mm/hmm/migrate_device_enable
Add kernel boot parameter: hmm.migrate_device=0
🧯 If You Can't Patch
- Restrict access to users who can run memory migration operations or HMM tests
- Monitor kernel logs for warning messages related to folio_lruvec_lock_irqsave and investigate any occurrences
🔍 How to Verify
Check if Vulnerable:
Run the hmm selftest: # ./hmm-tests and check for kernel warnings about 'VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled())'Check Version:
uname -rVerify Fix Applied:
Check kernel version includes the fix commits or run hmm-tests without generating the warning messages.📡 Detection & Monitoring
Log Indicators:
- Kernel warning: 'VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled())'
- Warnings from folio_lruvec_lock_irqsave function
- Page dump messages during memory migration operations
Network Indicators:
- None - this is a local memory management issue
SIEM Query:
source="kernel" AND "VM_WARN_ON_ONCE_FOLIO" OR "folio_lruvec_lock_irqsave"🔗 References
- https://git.kernel.org/stable/c/069dd21ea8262204f94737878389c2815a054a9e
- https://git.kernel.org/stable/c/20fb6fc51863fbff7868de8b5f6d249d2094df1f
- https://git.kernel.org/stable/c/3f9240d59e9a95d19f06120bfd1d0e681c6c0ac7
- https://git.kernel.org/stable/c/41cddf83d8b00f29fd105e7a0777366edc69a5cf
- https://git.kernel.org/stable/c/4f52f7c50f5b6f5eeb06823e21fe546d90f9c595
- https://git.kernel.org/stable/c/61fa824e304ed162fe965f64999068e6fcff2059
- https://git.kernel.org/stable/c/64397b0cb7c09e3ef3f9f5c7c17299c4eebd3875
- https://git.kernel.org/stable/c/78f579cb7d825134e071a1714d8d0c4fd0ffe459
