PT-2025-13178 · Linux+4 · Linux Kernel+4
Published: 2025-02-03 · Updated: 2026-04-20 · CVE-2025-21869
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel version 6.13.0
Description
A vulnerability has been resolved in the Linux kernel related to powerpc/code-patching. The issue involves disabling KASAN reports during patching via temporary mm. A KASAN hit was reported on Talos II with kernel 6.13, indicating a user-memory-access bug in copy_to_kernel_nofault(). The vulnerability is related to the use of temporary mm for Radix MMU, which doesn't disable KASAN reports during patching, and the introduction of patch_instructions(), which uses copy_to_kernel_nofault() to copy several instructions at once.
Recommendations
For Linux kernel version 6.13.0, update to a newer version that includes the fix for this issue. As a temporary workaround, consider disabling the patch_instructions() function until a patch is available. Restrict access to the vulnerable copy_to_kernel_nofault() function to minimize the risk of exploitation. Avoid using the temporary mm feature in the affected kernel version until the issue is resolved.
Exploit
Fix
Memory Corruption
Related Identifiers
Affected Products
Astra Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu