CVE-2025-22010

MEDIUM EPSS 3.8%
Published Apr 8, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 8, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bc Add a cond_resched() to fix soft lockup during these loops. In order not to affect the allocation performance of normal-size buffer, set the loop count of a 100GB MR as the threshold to call cond_resched().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥5.3  –  <6.1.132
linuxlinux_kernel*≥6.2  –  <6.6.85
linuxlinux_kernel*≥6.7  –  <6.12.21
linuxlinux_kernel*≥6.13  –  <6.13.9
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/461eb4ddede266df8f181f578732bb01742c3fd6
  • git.kernel.org https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/efe544462fc0b499725364f90bd0f8bbf16f861a
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11
    Patch