CVE-2025-21931 (GCVE-0-2025-21931)

Vulnerability from cvelistv5 – Published: 2025-04-01 15:41 – Updated: 2026-05-23 15:57
VLAI
Title
hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
Summary
In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]---
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: b15c87263a69272423771118c653e9a1d0672caa , < 3926b572fd073491bde13ec42ee08ac1b337bf4d (git)
Affected: b15c87263a69272423771118c653e9a1d0672caa , < 93df6da64b004f75d307ed08d3f0f1020280d339 (git)
Affected: b15c87263a69272423771118c653e9a1d0672caa , < 576a2f4c437c19bec7d05d05b5990f178d2b0f40 (git)
Affected: b15c87263a69272423771118c653e9a1d0672caa , < 629dfc6ba5431056701d4e44830f3409b989955a (git)
Affected: b15c87263a69272423771118c653e9a1d0672caa , < af288a426c3e3552b62595c6138ec6371a17dbba (git)
Affected: 85ef35ab972b7484f41c3bb2bbc79de212e19129 (git)
Affected: 060853fdd434ce620dd1dd7619ede834bd33b9d0 (git)
Affected: cb1206e85df291fefde27401190329e26996c54c (git)
Affected: 2c25071bed4b1f9c4cfb10a7914847d7069794bf (git)
Affected: 2c87072a3bf9bbcd747618bb2ccc3cd0da181db6 (git)
Affected: a2b977e3d9e4298d28ebe5cfff9e0859b74a7ac7 (git)
Affected: 3.16.65 , < 3.17 (semver)
Affected: 4.4.170 , < 4.5 (semver)
Affected: 4.9.150 , < 4.10 (semver)
Affected: 4.14.93 , < 4.15 (semver)
Affected: 4.19.15 , < 4.20 (semver)
Affected: 4.20.2 , < 4.21 (semver)
Create a notification for this product.
Linux Linux Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 6.1.140 , ≤ 6.1.* (semver)
Unaffected: 6.6.92 , ≤ 6.6.* (semver)
Unaffected: 6.12.19 , ≤ 6.12.* (semver)
Unaffected: 6.13.7 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:39:27.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/memory_hotplug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3926b572fd073491bde13ec42ee08ac1b337bf4d",
              "status": "affected",
              "version": "b15c87263a69272423771118c653e9a1d0672caa",
              "versionType": "git"
            },
            {
              "lessThan": "93df6da64b004f75d307ed08d3f0f1020280d339",
              "status": "affected",
              "version": "b15c87263a69272423771118c653e9a1d0672caa",
              "versionType": "git"
            },
            {
              "lessThan": "576a2f4c437c19bec7d05d05b5990f178d2b0f40",
              "status": "affected",
              "version": "b15c87263a69272423771118c653e9a1d0672caa",
              "versionType": "git"
            },
            {
              "lessThan": "629dfc6ba5431056701d4e44830f3409b989955a",
              "status": "affected",
              "version": "b15c87263a69272423771118c653e9a1d0672caa",
              "versionType": "git"
            },
            {
              "lessThan": "af288a426c3e3552b62595c6138ec6371a17dbba",
              "status": "affected",
              "version": "b15c87263a69272423771118c653e9a1d0672caa",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "85ef35ab972b7484f41c3bb2bbc79de212e19129",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "060853fdd434ce620dd1dd7619ede834bd33b9d0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "cb1206e85df291fefde27401190329e26996c54c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2c25071bed4b1f9c4cfb10a7914847d7069794bf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2c87072a3bf9bbcd747618bb2ccc3cd0da181db6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a2b977e3d9e4298d28ebe5cfff9e0859b74a7ac7",
              "versionType": "git"
            },
            {
              "lessThan": "3.17",
              "status": "affected",
              "version": "3.16.65",
              "versionType": "semver"
            },
            {
              "lessThan": "4.5",
              "status": "affected",
              "version": "4.4.170",
              "versionType": "semver"
            },
            {
              "lessThan": "4.10",
              "status": "affected",
              "version": "4.9.150",
              "versionType": "semver"
            },
            {
              "lessThan": "4.15",
              "status": "affected",
              "version": "4.14.93",
              "versionType": "semver"
            },
            {
              "lessThan": "4.20",
              "status": "affected",
              "version": "4.19.15",
              "versionType": "semver"
            },
            {
              "lessThan": "4.21",
              "status": "affected",
              "version": "4.20.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/memory_hotplug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.140",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.92",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.19",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.7",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.65",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.170",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.93",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.20.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page.  However folio lock must be held before\ncalling try_to_unmap.  Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n  ------------[ cut here ]------------\n  kernel BUG at ./include/linux/swapops.h:400!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G        W          6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n  Tainted: [W]=WARN\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : try_to_unmap_one+0xb08/0xd3c\n  lr : try_to_unmap_one+0x3dc/0xd3c\n  Call trace:\n   try_to_unmap_one+0xb08/0xd3c (P)\n   try_to_unmap_one+0x3dc/0xd3c (L)\n   rmap_walk_anon+0xdc/0x1f8\n   rmap_walk+0x3c/0x58\n   try_to_unmap+0x88/0x90\n   unmap_poisoned_folio+0x30/0xa8\n   do_migrate_range+0x4a0/0x568\n   offline_pages+0x5a4/0x670\n   memory_block_action+0x17c/0x374\n   memory_subsys_offline+0x3c/0x78\n   device_offline+0xa4/0xd0\n   state_store+0x8c/0xf0\n   dev_attr_store+0x18/0x2c\n   sysfs_kf_write+0x44/0x54\n   kernfs_fop_write_iter+0x118/0x1a8\n   vfs_write+0x3a8/0x4bc\n   ksys_write+0x6c/0xf8\n   __arm64_sys_write+0x1c/0x28\n   invoke_syscall+0x44/0x100\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x30/0xd0\n   el0t_64_sync_handler+0xc8/0xcc\n   el0t_64_sync+0x198/0x19c\n  Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n  ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:57:27.859Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339"
        },
        {
          "url": "https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40"
        },
        {
          "url": "https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a"
        },
        {
          "url": "https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbba"
        }
      ],
      "title": "hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21931",
    "datePublished": "2025-04-01T15:41:01.055Z",
    "dateReserved": "2024-12-29T08:45:45.789Z",
    "dateUpdated": "2026-05-23T15:57:27.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-21931",
      "date": "2026-06-30",
      "epss": "0.00135",
      "percentile": "0.03305"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21931\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-01T16:15:23.933\",\"lastModified\":\"2026-06-17T08:44:38.553\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\\n\\nCommit b15c87263a69 (\\\"hwpoison, memory_hotplug: allow hwpoisoned pages to\\nbe offlined) add page poison checks in do_migrate_range in order to make\\noffline hwpoisoned page possible by introducing isolate_lru_page and\\ntry_to_unmap for hwpoisoned page.  However folio lock must be held before\\ncalling try_to_unmap.  Add it to fix this problem.\\n\\nWarning will be produced if folio is not locked during unmap:\\n\\n  ------------[ cut here ]------------\\n  kernel BUG at ./include/linux/swapops.h:400!\\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\\n  Modules linked in:\\n  CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G        W          6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\\n  Tainted: [W]=WARN\\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\\n  pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n  pc : try_to_unmap_one+0xb08/0xd3c\\n  lr : try_to_unmap_one+0x3dc/0xd3c\\n  Call trace:\\n   try_to_unmap_one+0xb08/0xd3c (P)\\n   try_to_unmap_one+0x3dc/0xd3c (L)\\n   rmap_walk_anon+0xdc/0x1f8\\n   rmap_walk+0x3c/0x58\\n   try_to_unmap+0x88/0x90\\n   unmap_poisoned_folio+0x30/0xa8\\n   do_migrate_range+0x4a0/0x568\\n   offline_pages+0x5a4/0x670\\n   memory_block_action+0x17c/0x374\\n   memory_subsys_offline+0x3c/0x78\\n   device_offline+0xa4/0xd0\\n   state_store+0x8c/0xf0\\n   dev_attr_store+0x18/0x2c\\n   sysfs_kf_write+0x44/0x54\\n   kernfs_fop_write_iter+0x118/0x1a8\\n   vfs_write+0x3a8/0x4bc\\n   ksys_write+0x6c/0xf8\\n   __arm64_sys_write+0x1c/0x28\\n   invoke_syscall+0x44/0x100\\n   el0_svc_common.constprop.0+0x40/0xe0\\n   do_el0_svc+0x1c/0x28\\n   el0_svc+0x30/0xd0\\n   el0t_64_sync_handler+0xc8/0xcc\\n   el0t_64_sync+0x198/0x19c\\n  Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\\n  ---[ end trace 0000000000000000 ]---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwpoison, memory_hotplug: bloquear folio antes de desasignar folio hwpoisoned Commit b15c87263a69 (\\\"hwpoison, memory_hotplug: permitir que las p\u00e1ginas hwpoisoned se desconecten\\\") a\u00f1adir comprobaciones de envenenamiento de p\u00e1gina en do_migrate_range para posibilitar la desconexi\u00f3n de la p\u00e1gina hwpoisoned mediante la introducci\u00f3n de insulation_lru_page y try_to_unmap para la p\u00e1gina hwpoisoned. Sin embargo, el bloqueo de folio debe mantenerse antes de llamar a try_to_unmap. A\u00f1adir esto para solucionar este problema. Se producir\u00e1 una advertencia si el folio no se bloquea durante la desasignaci\u00f3n: ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en ./include/linux/swapops.h:400! Error interno: Oops - ERROR: 00000000f2000800 [#1] PREEMPT M\u00f3dulos SMP vinculados en: CPU: 4 UID: 0 PID: 411 Comm: bash Contaminado: GW 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Contaminado: [W]=WARN Nombre del hardware: QEMU M\u00e1quina virtual QEMU, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Rastreo de llamadas: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invocar_llamada_al_sistema+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c C\u00f3digo: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ fin de seguimiento 0000000000000000 ]---\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"mm/memory_hotplug.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"b15c87263a69272423771118c653e9a1d0672caa\",\"lessThan\":\"3926b572fd073491bde13ec42ee08ac1b337bf4d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"b15c87263a69272423771118c653e9a1d0672caa\",\"lessThan\":\"93df6da64b004f75d307ed08d3f0f1020280d339\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"b15c87263a69272423771118c653e9a1d0672caa\",\"lessThan\":\"576a2f4c437c19bec7d05d05b5990f178d2b0f40\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"b15c87263a69272423771118c653e9a1d0672caa\",\"lessThan\":\"629dfc6ba5431056701d4e44830f3409b989955a\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"b15c87263a69272423771118c653e9a1d0672caa\",\"lessThan\":\"af288a426c3e3552b62595c6138ec6371a17dbba\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"85ef35ab972b7484f41c3bb2bbc79de212e19129\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"060853fdd434ce620dd1dd7619ede834bd33b9d0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"cb1206e85df291fefde27401190329e26996c54c\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"2c25071bed4b1f9c4cfb10a7914847d7069794bf\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"2c87072a3bf9bbcd747618bb2ccc3cd0da181db6\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"a2b977e3d9e4298d28ebe5cfff9e0859b74a7ac7\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3.16.65\",\"lessThan\":\"3.17\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.4.170\",\"lessThan\":\"4.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.9.150\",\"lessThan\":\"4.10\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.14.93\",\"lessThan\":\"4.15\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.19.15\",\"lessThan\":\"4.20\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.20.2\",\"lessThan\":\"4.21\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"mm/memory_hotplug.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.0\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.140\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.92\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.19\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.13.7\",\"lessThanOrEqual\":\"6.13.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.14\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.16.65\",\"versionEndExcluding\":\"3.17\",\"matchCriteriaId\":\"1BC72572-6E9C-4CEB-A7BB-84CE93B9D275\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.170\",\"versionEndExcluding\":\"4.5\",\"matchCriteriaId\":\"6D2CF938-4FA1-416D-AC49-F221731F57ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9.150\",\"versionEndExcluding\":\"4.10\",\"matchCriteriaId\":\"2A45CD2E-4AEB-4D99-A98B-6A891F0A7E72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.93\",\"versionEndExcluding\":\"4.15\",\"matchCriteriaId\":\"3E000738-63FA-4C36-AB82-D9B674F67599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.15\",\"versionEndExcluding\":\"4.20\",\"matchCriteriaId\":\"8EFA510A-7BCB-464E-B2C2-5A61D6E31F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20.2\",\"versionEndExcluding\":\"6.1.140\",\"matchCriteriaId\":\"318103BF-7584-4CC8-AB20-118945CF7244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.92\",\"matchCriteriaId\":\"7787FD66-D748-44AF-A052-DE495E1E23AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.19\",\"matchCriteriaId\":\"32865E5C-8AE1-4D3D-A64D-299039694A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.7\",\"matchCriteriaId\":\"842F5A44-3E71-4546-B4FD-43B0ACE3F32B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"186716B6-2B66-4BD0-852E-D48E71C0C85F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3E781C-403A-498F-9DA9-ECEE50F41E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"66619FB8-0AAF-4166-B2CF-67B24143261D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D6550E-6679-4560-902D-AF52DCFE905B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B90F6B-BEC7-4D4E-883A-9DBADE021750\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.