CVE-2025-21949 in Linux
Summary
by MITRE • 04/01/2025
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Set hugetlb mmap base address aligned with pmd size
With ltp test case "testcases/bin/hugefork02", there is a dmesg error report message such as:
kernel BUG at mm/hugetlb.c:5550! Oops - BUG[#1]:
CPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241 Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 pc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940 a0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000 a4 0000000000000000 a5 0000000000000003 a6 00000000003cadd3 a7 0000000000000000 t0 0000000001ffffff t1 0000000001474000 t2 900000010ecd7900 t3 00007fffe9474000 t4 00007fffe9474000 t5 0000000000000040 t6 900000010edbfb00 t7 0000000000000001 t8 0000000000000005 u0 90000000004849d0 s9 900000010edbfa00 s0 9000000108d20280 s1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10 s5 900000010edbfb00 s6 00007ffff3474000 s7 0000000000000406 s8 900000010edbfa08 ra: 9000000000485538 unmap_vmas+0x130/0x218 ERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0 PRMD: 00000004 (PPLV0 +PIE -PWE) EUEN: 00000007 (+FPE +SXE +ASXE -BTE) ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)
PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) Process hugefork02 (pid: 1517, threadinfo=00000000a670eaf4, task=000000007a95fc64) Call Trace: [] __unmap_hugepage_range+0x6f4/0x7d0
[] unmap_vmas+0x12c/0x218
[] exit_mmap+0xe0/0x308
[] mmput+0x74/0x180
[] do_exit+0x294/0x898
[] do_group_exit+0x30/0x98
[] get_signal+0x83c/0x868
[] arch_do_signal_or_restart+0x54/0xfa0
[] irqentry_exit_to_user_mode+0xb8/0x138
[] tlb_do_page_fault_1+0x114/0x1b4
The problem is that base address allocated from hugetlbfs is not aligned with pmd size. Here add a checking for hugetlbfs and align base address with pmd size. After this patch the test case "testcases/bin/hugefork02" passes to run.
This is similar to the commit 7f24cbc9c4d42db8a3c8484d1 ("mm/mmap: teach generic_get_unmapped_area{_topdown} to handle hugetlb mappings").
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 02/01/2026
The vulnerability identified as CVE-2025-21949 affects the Linux kernel's handling of huge page memory management on LoongArch architecture systems. This issue manifests during memory mapping operations involving huge pages, specifically when the hugetlbfs (huge page file system) is utilized. The root cause lies in the improper alignment of base addresses allocated from hugetlbfs with the Page Middle Directory (PMD) size, which is a critical architectural requirement for memory management in the Linux kernel. The problem was exposed through the LTP (Linux Test Project) test case "hugefork02" which triggered a kernel BUG at mm/hugetlb.c line 5550, indicating a serious memory management failure that resulted in system instability.
The technical flaw occurs within the kernel's memory management subsystem where the hugetlbfs mapping mechanism fails to properly align memory base addresses with the architectural PMD boundaries required by LoongArch processors. This misalignment leads to memory access violations and kernel panics during memory unmapping operations, as evidenced by the stack trace showing execution flow through __unmap_hugepage_range and unmap_vmas functions. The kernel's memory management code path becomes unstable when attempting to process huge page mappings that do not conform to the expected alignment requirements, causing the system to crash with a kernel BUG message and subsequent Oops exception.
The operational impact of this vulnerability is significant for systems running Linux kernels on LoongArch architecture, particularly those utilizing huge page memory management for high-performance applications. The vulnerability can lead to system crashes and instability during normal operation, especially when applications perform memory mapping operations involving large pages. This affects not only the specific test case mentioned but potentially any application or system component that relies on hugetlbfs functionality, making it a critical security and stability concern for production environments. The vulnerability essentially creates a condition where legitimate memory management operations can trigger kernel-level failures, potentially leading to denial of service scenarios.
The mitigation for this vulnerability involves implementing proper alignment checks for hugetlbfs base addresses with PMD sizes, as demonstrated by the patch that was developed to resolve the issue. This aligns with the established kernel development practices and follows the same approach as previous commits such as 7f24cbc9c4d42db8a3c8484d1 which addressed similar hugetlb mapping challenges in the generic memory management subsystem. The fix ensures that all base addresses allocated from hugetlbfs are properly aligned with the PMD boundaries required by the LoongArch architecture, thereby preventing the kernel from encountering memory management inconsistencies during mapping and unmapping operations. This solution directly addresses the CWE-129 weakness related to improper input validation and aligns with ATT&CK techniques focusing on privilege escalation and system stability compromise through memory management vulnerabilities.
The fix represents a targeted approach to memory management alignment that prevents kernel crashes while maintaining system stability and performance. By ensuring proper alignment with PMD boundaries, the kernel can safely handle huge page mappings without triggering the BUG condition that was previously observed. This patch demonstrates the importance of architectural considerations in memory management implementations and reinforces the need for proper alignment checking in kernel subsystems that handle memory mapping operations. The solution is backward compatible and does not introduce performance penalties while effectively resolving the stability issue that could affect production systems using hugetlbfs functionality on LoongArch platforms.