PT-2025-8879 · Linux+6 · Linux Kernel+6

Sebastian Andrzej Siewior

+1

·

Published

2025-02-03

·

Updated

2026-04-20

·

CVE-2025-21767

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A issue in the Linux kernel has been identified where the clocksource verify choose cpus() function is invoked with preemption disabled, leading to the acquisition of sleeping locks in atomic context. This occurs because get random u32() is called to obtain random numbers, which can acquire the batched entropy 32 local lock and/or the base crng.lock spinlock. In PREEMPT RT kernels, these locks are sleeping locks and cannot be acquired in atomic context, resulting in a bug report.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-667

Related Identifiers

BDU:2025-12240
CVE-2025-21767
DLA-4102-1
DLA-4178-1
OESA-2025-1285
OESA-2025-1286
OPENSUSE-SU-2025_0847-1
OPENSUSE-SU-2025_0856-1
OPENSUSE-SU-2025_0955-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:0856-1
SUSE-SU-2025:0955-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0847-1
SUSE-SU-2025_0856-1
SUSE-SU-2025_0955-1
USN-7510-1
USN-7510-2
USN-7510-3
USN-7510-4
USN-7510-5
USN-7510-6
USN-7510-7
USN-7510-8
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7593-1
USN-7602-1
USN-7703-1
USN-7703-2
USN-7703-3
USN-7703-4
USN-7719-1
USN-7737-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu