CVE-2025-21907
📋 TL;DR
A Linux kernel memory management vulnerability where poisoned memory pages aren't properly handled during migration, causing kernel warnings and potential system instability. This affects Linux systems with memory error handling enabled, particularly during memory hot-unplug operations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to improper handling of poisoned memory during migration, leading to denial of service.
Likely Case
Kernel warning messages in system logs and potential memory corruption during migration operations, causing system instability.
If Mitigated
Minor performance impact during memory migration with proper error handling.
🎯 Exploit Status
Exploitation requires local access and ability to trigger memory migration operations on poisoned pages.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in kernel commits 425c12c076e6fc6b2cb04b9f960319d31dcabc76, 608cc7deb428f1122ed426060233622ebf667b6e, b81679b1633aa43c0d973adfa816d78c1ed0d032
Vendor Advisory: https://git.kernel.org/stable/c/425c12c076e6fc6b2cb04b9f960319d31dcabc76
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check with your distribution vendor for backported patches. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable memory hot-unplug
linuxPrevent memory migration operations that trigger the vulnerability
echo offline > /sys/devices/system/memory/memoryX/state (to offline specific memory blocks)
🧯 If You Can't Patch
- Avoid memory hot-unplug operations and memory migration
- Monitor system logs for kernel warnings related to memory failure handling
🔍 How to Verify
Check if Vulnerable:
Check kernel version with 'uname -r' and compare with affected versions. Monitor dmesg for warnings about try_to_unmap_one during memory operations.Check Version:
uname -rVerify Fix Applied:
After patching, verify kernel version and check that memory migration operations complete without the specific warning in dmesg.📡 Detection & Monitoring
Log Indicators:
- Kernel warnings containing 'try_to_unmap_one' and 'unmap_poisoned_folio' in dmesg or /var/log/kern.log
Network Indicators:
- None - this is a local memory management issue
SIEM Query:
source="kernel" AND "try_to_unmap_one" AND "unmap_poisoned_folio"