CVE-2025-21949

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc2+ #241

Description A vulnerability in the Linux kernel has been resolved, related to the LoongArch architecture. The issue arises when the base address allocated from hugetlbfs is not aligned with the pmd size, causing a kernel bug. This problem is identified by a dmesg error report message when running the ltp test case "testcases/bin/hugefork02". The fix involves adding a check for hugetlbfs and aligning the base address with the pmd size.

Recommendations For Linux kernel versions prior to 6.14.0-rc2+ #241, update to a newer version that includes the fix for the hugetlb mmap base address alignment issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

AZL-59932

BDU:2025-04653

CVE-2025-21949

ECHO-E539-66E0-E8A3

OESA-2025-1446

OESA-2025-1450

Affected Products

Astra Linux

Debian

Linux Kernel

CVE-2025-21949

Weakness Enumeration

Related Identifiers

Affected Products

References · 201