PT-2025-14276 · Linux+5 · Linux Kernel+5

Published

2025-01-22

·

Updated

2026-04-20

·

CVE-2025-21895

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, related to the ordering of the PMU list. The issue arises when the order of pmu ctx list for the parent and child processes differs, triggered by the time an event/PMU is added and the event order in pinned groups and flexible groups. This can cause a warning due to prev epc->pmu != next epc->pmu in perf event swap task ctx data(). A test case can trigger this warning by opening an LBR event, then tracepoint and software events, resulting in the parent context having multiple perf event pmu contexts and the child context inserting them in a different order.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-834CWE-362

Related Identifiers

BDU:2025-04452
CVE-2025-21895
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01707-1
SUSE-SU-2025:01614-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20206-1
SUSE-SU-2025:20270-1
SUSE-SU-2025:20283-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7764-1
USN-7764-2
USN-7765-1
USN-7766-1
USN-7767-1
USN-7767-2
USN-7779-1
USN-7790-1
USN-7800-1
USN-7801-1
USN-7801-2
USN-7801-3
USN-7802-1
USN-7809-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu