CVE-2025-21949

5.5 MEDIUM

Denial of Service

📋 TL;DR

A memory alignment vulnerability in the Linux kernel's LoongArch architecture hugetlbfs implementation causes kernel panic when unmapping huge pages. This affects systems running Linux kernel with LoongArch support and hugetlbfs enabled, potentially leading to denial of service.

💻 Affected Systems

Products:

• Linux Kernel

Versions: Linux kernel versions before the fix commit 242b34f48a377afe4b285b472bd0f17744fca8e8 (likely 6.14.0-rc2 and earlier with LoongArch support)

Operating Systems: Linux distributions with LoongArch architecture support

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when hugetlbfs is enabled and system uses LoongArch architecture. Most common x86/ARM systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.

🟠

Likely Case

System crash when specific hugetlbfs operations are performed, causing temporary denial of service until reboot.

🟢

If Mitigated

No impact if hugetlbfs is disabled or systems are not using LoongArch architecture.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system.

🏢 Internal Only: MEDIUM - Local users or processes can trigger the kernel panic, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to run the specific hugetlbfs test case or similar operations. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commit 242b34f48a377afe4b285b472bd0f17744fca8e8

Vendor Advisory: https://git.kernel.org/stable/c/242b34f48a377afe4b285b472bd0f17744fca8e8

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing commit 242b34f48a377afe4b285b472bd0f17744fca8e8
2. Rebuild kernel if compiling from source
3. Reboot system to load patched kernel

🔧 Temporary Workarounds

Disable hugetlbfs

linux

Prevent use of huge pages by disabling hugetlbfs support

Copy

echo never > /sys/kernel/mm/transparent_hugepage/enabled
Remove hugetlbfs from kernel boot parameters if compiled in

🧯 If You Can't Patch

• Disable hugetlbfs usage in applications
• Restrict user access to prevent execution of hugetlbfs operations

🔍 How to Verify

Check if Vulnerable:

Copy

Check kernel version and if LoongArch architecture is used: uname -a | grep -i loongarch && test -d /sys/kernel/mm/hugepages

Check Version:

Copy

uname -r

Verify Fix Applied:

Copy

Verify kernel version includes fix commit: grep -q '242b34f48a377afe4b285b472bd0f17744fca8e8' /proc/version_signature || echo 'Check kernel changelog'

📡 Detection & Monitoring

Log Indicators:

• Kernel panic messages mentioning __unmap_hugepage_range
• BUG at mm/hugetlb.c:5550 in kernel logs
• Process crashes related to hugefork02 or hugetlbfs operations

Network Indicators:

• None - local vulnerability only

SIEM Query:

Copy

source="kernel" AND ("__unmap_hugepage_range" OR "hugetlb.c:5550" OR "hugefork02")

📊 Metadata

CVE ID: CVE-2025-21949

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.09% exploit probability (25.9th percentile)

Published: April 1, 2025

Last Updated: October 1, 2025

🔗 References

• https://git.kernel.org/stable/c/242b34f48a377afe4b285b472bd0f17744fca8e8 Patch
• https://git.kernel.org/stable/c/3109d5ff484b7bc7b955f166974c6776d91f247b Patch

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON