PT-2025-9007 · Linux+6 · Linux Kernel+6

Usama Arif +1 · Published 2025-01-18 · Updated 2026-04-20 · CVE-2025-21816

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel's hrtimers infrastructure allows wakeups to be performed by an outgoing CPU after the CPUHP_AP_HRTIMERS_DYING stage, potentially resulting in bandwidth timers being armed on an offline CPU. This issue affects not only RCU but also other components, such as the stop machine kthread, which can report its completion and perform a wakeup that arms the deadline server timer. The problem is resolved by migrating timers away to an online target whenever they are enqueued from an offline CPU.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

AZL-68823
BDU:2025-15112
CVE-2025-21816
DLA-4328-1
DSA-5973-1
ECHO-E970-49FC-8B64
OESA-2025-1371
OESA-2025-1372
OESA-2025-1409
OESA-2025-1410
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025_21147-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu