PT-2025-14314 · Linux+1 · Linux Kernel+1
Published: 2025-04-01 · Updated: 2025-04-02
CVE-2025-21933
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.13.7
Description
A NULL pointer dereference issue has been identified in the Linux kernel. The issue occurs when the update_mmu_cache_range() function is called by update_mmu_cache(), and the vmf parameter is NULL. This causes a NULL pointer dereference issue in the adjust_pte() function. The problem arises from the decision to hold the pte lock based on whether ptl is equal, rather than checking if CONFIG_SPLIT_PTE_PTLOCKS is enabled. Additionally, when two vmas map to the same PTE page, holding the pte lock again can lead to a deadlock.
Recommendations
To fix the issue, update the Linux kernel to version 6.13.7 or later. As a temporary workaround, consider modifying the update_mmu_cache_range() function to decide whether to hold the pte lock based on the CONFIG_SPLIT_PTE_PTLOCKS configuration, and add a need_lock parameter to the adjust_pte() function to prevent deadlocks when two vmas map to the same PTE page.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel