Vulnerability-Lookup

BDU:2025-04800

Vulnerability from fstec - Published: 24.02.2025

Title

Уязвимость функций kcompactd() (mm/compaction.c) и nfs_release_folio() (fs/nfs/file.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функций kcompactd() (mm/compaction.c) и nfs_release_folio() (fs/nfs/file.c) ядра операционной системы Linux связана с некорректной блокировкой. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Red Hat Inc., Novell Inc., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, АО "НППКТ", ООО «Ред Софт»

Software Name

Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), Linux, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), РЕД ОС (запись в едином реестре российских программ №3751)

Software Version

9 (Red Hat Enterprise Linux), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), от 6.3 до 6.12.19 (Linux), от 6.3 до 6.14 (Linux), от 6.3 до 6.6.83 (Linux), до 2.13 (ОСОН ОСнова Оnyx), 8.0 (РЕД ОС)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2025040129-CVE-2025-21908-b8ce@gregkh/T/#u https://git.kernel.org/stable/c/5ae31c54cff745832b9bd5b32e71f3d1b607cd1e https://git.kernel.org/stable/c/8253ff29edcb429a9a6c75710941c6a16a9a34b1 https://git.kernel.org/stable/c/ab0727d6e2196682351c25c1dd112136f6991f11 https://git.kernel.org/stable/c/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2025-21908.html Для Ред ОС: http://repo.red-soft.ru/redos/8.0/x86_64/updates/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2025-21908 Обновление программного обеспечения linux до версии 6.6.90-0.osnova2u1 Для ОС Astra Linux: обновить пакет linux-6.12 до 6.12.34-1.astra1+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18

Reference

https://lore.kernel.org/linux-cve-announce/2025040129-CVE-2025-21908-b8ce@gregkh/T/#u https://git.kernel.org/stable/c/5ae31c54cff745832b9bd5b32e71f3d1b607cd1e https://git.kernel.org/stable/c/8253ff29edcb429a9a6c75710941c6a16a9a34b1 https://git.kernel.org/stable/c/ab0727d6e2196682351c25c1dd112136f6991f11 https://git.kernel.org/stable/c/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19 https://www.cybersecurity-help.cz/vdb/SB2025040287 https://www.suse.com/security/cve/CVE-2025-21908.html https://access.redhat.com/security/cve/CVE-2025-21908 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/ https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18 http://repo.red-soft.ru/redos/8.0/x86_64/updates/

CWE

CWE-667

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Red Hat Enterprise Linux), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), \u043e\u0442 6.3 \u0434\u043e 6.12.19 (Linux), \u043e\u0442 6.3 \u0434\u043e 6.14 (Linux), \u043e\u0442 6.3 \u0434\u043e 6.6.83 (Linux), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 8.0 (\u0420\u0415\u0414 \u041e\u0421)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2025040129-CVE-2025-21908-b8ce@gregkh/T/#u\nhttps://git.kernel.org/stable/c/5ae31c54cff745832b9bd5b32e71f3d1b607cd1e\nhttps://git.kernel.org/stable/c/8253ff29edcb429a9a6c75710941c6a16a9a34b1\nhttps://git.kernel.org/stable/c/ab0727d6e2196682351c25c1dd112136f6991f11\nhttps://git.kernel.org/stable/c/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.: \nhttps://www.suse.com/security/cve/CVE-2025-21908.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434 \u041e\u0421: \nhttp://repo.red-soft.ru/redos/8.0/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2025-21908\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.6.90-0.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.12 \u0434\u043e 6.12.34-1.astra1+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04800",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-21908",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Linux, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Desktop 15 SP6 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Novell Inc. OpenSUSE Leap 15.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.3 \u0434\u043e 6.12.19 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.3 \u0434\u043e 6.14 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.3 \u0434\u043e 6.6.83 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 8.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 kcompactd() (mm/compaction.c) \u0438 nfs_release_folio() (fs/nfs/file.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 (CWE-667)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 kcompactd() (mm/compaction.c) \u0438 nfs_release_folio() (fs/nfs/file.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u043e\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lore.kernel.org/linux-cve-announce/2025040129-CVE-2025-21908-b8ce@gregkh/T/#u\nhttps://git.kernel.org/stable/c/5ae31c54cff745832b9bd5b32e71f3d1b607cd1e\nhttps://git.kernel.org/stable/c/8253ff29edcb429a9a6c75710941c6a16a9a34b1\nhttps://git.kernel.org/stable/c/ab0727d6e2196682351c25c1dd112136f6991f11\nhttps://git.kernel.org/stable/c/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83\nhttps://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19\nhttps://www.cybersecurity-help.cz/vdb/SB2025040287\nhttps://www.suse.com/security/cve/CVE-2025-21908.html\nhttps://access.redhat.com/security/cve/CVE-2025-21908\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttp://repo.red-soft.ru/redos/8.0/x86_64/updates/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-667",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2025-21908 (GCVE-0-2025-21908)

Vulnerability from cvelistv5 – Published: 2025-04-01 15:40 – Updated: 2025-10-01 19:26

Title

NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback

Summary

In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} [akpm@linux-foundation.org: fix build]

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ab0727d6e21966823…
	https://git.kernel.org/stable/c/5ae31c54cff745832…
	https://git.kernel.org/stable/c/8253ff29edcb429a9…
	https://git.kernel.org/stable/c/ce6d9c1c2b5cc7850…

Impacted products

Vendor

Product

Version

Linux

Affected: 96780ca55e3cbf4f150fd5a833a61492c9947b5b , < ab0727d6e2196682351c25c1dd112136f6991f11 (git)
Affected: 96780ca55e3cbf4f150fd5a833a61492c9947b5b , < 5ae31c54cff745832b9bd5b32e71f3d1b607cd1e (git)
Affected: 96780ca55e3cbf4f150fd5a833a61492c9947b5b , < 8253ff29edcb429a9a6c75710941c6a16a9a34b1 (git)
Affected: 96780ca55e3cbf4f150fd5a833a61492c9947b5b , < ce6d9c1c2b5cc785016faa11b48b6cd317eb367e (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.6.83 , ≤ 6.6.* (semver)
Unaffected: 6.12.19 , ≤ 6.12.* (semver)
Unaffected: 6.13.7 , ≤ 6.13.* (semver)
Unaffected: 6.14 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:24:19.635147Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:26:34.548Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/file.c",
            "include/linux/compaction.h",
            "include/linux/sched.h",
            "mm/compaction.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ab0727d6e2196682351c25c1dd112136f6991f11",
              "status": "affected",
              "version": "96780ca55e3cbf4f150fd5a833a61492c9947b5b",
              "versionType": "git"
            },
            {
              "lessThan": "5ae31c54cff745832b9bd5b32e71f3d1b607cd1e",
              "status": "affected",
              "version": "96780ca55e3cbf4f150fd5a833a61492c9947b5b",
              "versionType": "git"
            },
            {
              "lessThan": "8253ff29edcb429a9a6c75710941c6a16a9a34b1",
              "status": "affected",
              "version": "96780ca55e3cbf4f150fd5a833a61492c9947b5b",
              "versionType": "git"
            },
            {
              "lessThan": "ce6d9c1c2b5cc785016faa11b48b6cd317eb367e",
              "status": "affected",
              "version": "96780ca55e3cbf4f150fd5a833a61492c9947b5b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/file.c",
            "include/linux/compaction.h",
            "include/linux/sched.h",
            "mm/compaction.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.83",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.19",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.7",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:24:04.110Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ab0727d6e2196682351c25c1dd112136f6991f11"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ae31c54cff745832b9bd5b32e71f3d1b607cd1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/8253ff29edcb429a9a6c75710941c6a16a9a34b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e"
        }
      ],
      "title": "NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21908",
    "datePublished": "2025-04-01T15:40:48.171Z",
    "dateReserved": "2024-12-29T08:45:45.786Z",
    "dateUpdated": "2025-10-01T19:26:34.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-04800

CVE-2025-21908 (GCVE-0-2025-21908)

Tags

Sightings

Nomenclature