{ "threat_severity" : "Moderate", "public_date" : "2025-04-01T00:00:00Z", "bugzilla" : { "description" : "kernel: LoongArch: Set hugetlb mmap base address aligned with pmd size", "id" : "2356622", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2356622" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "draft" }, "cwe" : "CWE-665", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nLoongArch: Set hugetlb mmap base address aligned with pmd size\nWith ltp test case \"testcases/bin/hugefork02\", there is a dmesg error\nreport message such as:\nkernel BUG at mm/hugetlb.c:5550!\nOops - BUG[#1]:\nCPU: 0 UID: 0 PID: 1517 Comm: hugefork02 Not tainted 6.14.0-rc2+ #241\nHardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\npc 90000000004eaf1c ra 9000000000485538 tp 900000010edbc000 sp 900000010edbf940\na0 900000010edbfb00 a1 9000000108d20280 a2 00007fffe9474000 a3 00007ffff3474000\na4 0000000000000000 a5 0000000000000003 a6 00000000003cadd3 a7 0000000000000000\nt0 0000000001ffffff t1 0000000001474000 t2 900000010ecd7900 t3 00007fffe9474000\nt4 00007fffe9474000 t5 0000000000000040 t6 900000010edbfb00 t7 0000000000000001\nt8 0000000000000005 u0 90000000004849d0 s9 900000010edbfa00 s0 9000000108d20280\ns1 00007fffe9474000 s2 0000000002000000 s3 9000000108d20280 s4 9000000002b38b10\ns5 900000010edbfb00 s6 00007ffff3474000 s7 0000000000000406 s8 900000010edbfa08\nra: 9000000000485538 unmap_vmas+0x130/0x218\nERA: 90000000004eaf1c __unmap_hugepage_range+0x6f4/0x7d0\nPRMD: 00000004 (PPLV0 +PIE -PWE)\nEUEN: 00000007 (+FPE +SXE +ASXE -BTE)\nECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\nESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\nPRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\nProcess hugefork02 (pid: 1517, threadinfo=00000000a670eaf4, task=000000007a95fc64)\nCall Trace:\n[<90000000004eaf1c>] __unmap_hugepage_range+0x6f4/0x7d0\n[<9000000000485534>] unmap_vmas+0x12c/0x218\n[<9000000000494068>] exit_mmap+0xe0/0x308\n[<900000000025fdc4>] mmput+0x74/0x180\n[<900000000026a284>] do_exit+0x294/0x898\n[<900000000026aa30>] do_group_exit+0x30/0x98\n[<900000000027bed4>] get_signal+0x83c/0x868\n[<90000000002457b4>] arch_do_signal_or_restart+0x54/0xfa0\n[<90000000015795e8>] irqentry_exit_to_user_mode+0xb8/0x138\n[<90000000002572d0>] tlb_do_page_fault_1+0x114/0x1b4\nThe problem is that base address allocated from hugetlbfs is not aligned\nwith pmd size. Here add a checking for hugetlbfs and align base address\nwith pmd size. After this patch the test case \"testcases/bin/hugefork02\"\npasses to run.\nThis is similar to the commit 7f24cbc9c4d42db8a3c8484d1 (\"mm/mmap: teach\ngeneric_get_unmapped_area{_topdown} to handle hugetlb mappings\")." ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-21949\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21949\nhttps://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21949-e05a@gregkh/T" ], "name" : "CVE-2025-21949", "csaw" : false }