CVE-2025-21696

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue arises when a memory region previously registered with userfaultfd as write-protected but without UFFD FEATURE EVENT REMAP is mremap()ed, leading to an inconsistency in flag clearing. This inconsistency causes a mismatch between the vma flags and the pte/pmd flags, resulting in a warning when setting the pte to writable while uffd-wp is still set. The fix involves explicitly clearing the uffd-wp pte/pmd flags on any such mremap() to ensure consistent values with the existing clearing of VM UFFD WP.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025:20095

ALSA-2025:20518

ALT-PU-2025-12647

ALT-PU-2025-3467

AZL-56839

BDU:2025-15320

CVE-2025-21696

ECHO-39E1-BA56-3347

INFSA-2025_20518

OPENSUSE-SU-2025_01614-1

OPENSUSE-SU-2025_01707-1

RHSA-2025:20095

RHSA-2025:20518

RHSA-2025_20518

SUSE-SU-2025:01614-1

SUSE-SU-2025:01707-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01967-1

SUSE-SU-2025:20343-1

SUSE-SU-2025:20344-1

SUSE-SU-2025:20354-1

SUSE-SU-2025:20355-1

SUSE-SU-2025_01614-1

SUSE-SU-2025_01707-1

SUSE-SU-2025_01951-1

SUSE-SU-2025_01964-1

SUSE-SU-2025_01967-1

USN-7445-1

USN-7448-1

Affected Products

Alt Linux

Almalinux

Debian

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2025-21696

Weakness Enumeration

Related Identifiers

Affected Products

References · 1753