CVE-2025-21825

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 through 6.12

Description A vulnerability in the Linux kernel has been identified, related to the handling of bpf timers. The issue arises when the hrtimer cancel() function attempts to acquire a lock that is already held, leading to a scheduling while atomic bug. This can occur when the bpf timer is cancelled while it is still running, causing a race condition. The vulnerability is specific to systems with PREEMPT RT enabled, which is available in version 6.12 and later. The estimated number of potentially affected devices is not provided.

Recommendations For Linux kernel versions 5.15 through 6.12, apply the patch that fixes the lock problem by breaking the cancelling of bpf timer into two steps for PREEMPT RT. The first step uses hrtimer try to cancel() and checks its return value. If the timer is running, the second step uses hrtimer cancel() through a kworker to cancel it again. This patch is necessary to prevent the scheduling while atomic bug and ensure the stable operation of the system.