PT-2025-4315 · Linux+4 · Linux Kernel+4

Ji Fa

Published

2025-01-08

Updated

2026-05-26

CVE-2025-21634

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A warning was found in the Linux kernel related to the cgroup/cpuset functionality. The issue is caused by the kernfs break active protection function when writing to cpuset.cpus and the cgroup is removed concurrently. This warning can lead to a deadlock due to a circular locking dependency involving cgroup mutex. The commit 3a5a6d0c2b03 made cpuset hotplug workfn asynchronous, which involves calling flush work() and can create a multiple processes circular locking dependency. To avoid deadlock, the commit 76bb5ab8f6e3 added kernfs break active protection in cpuset write resmask. However, after the commit 2125c0034c5d, cpuset write resmask no longer needs to wait for the hotplug to finish, making concurrent hotplug and cpuset operations no longer possible and thus removing the deadlock.

Recommendations To fix this warning, remove the kernfs break active protection operation in cpuset write resmask.

Exploit

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALT-PU-2025-12647

ALT-PU-2025-3467

AZL-56252

AZL-56318

BDU:2025-15339

CVE-2025-21634

ECHO-1039-B7FB-DC0C

OESA-2025-1248

OESA-2025-1249

USN-7379-1

USN-7379-2

USN-7380-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Affected Products

Alt Linux

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-4315 · Linux+4 · Linux Kernel+4

CVE-2025-21634

Weakness Enumeration

Related Identifiers

Affected Products

References · 851