{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:52:01.446","vulnerabilities":[{"cve":{"id":"CVE-2025-21813","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-27T20:16:03.883","lastModified":"2025-10-28T02:54:59.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntimers/migration: Fix off-by-one root mis-connection\n\nBefore attaching a new root to the old root, the children counter of the\nnew root is checked to verify that only the upcoming CPU's top group have\nbeen connected to it. However since the recently added commit b729cc1ec21a\n(\"timers/migration: Fix another race between hotplug and idle entry/exit\")\nthis check is not valid anymore because the old root is pre-accounted\nas a child to the new root. Therefore after connecting the upcoming\nCPU's top group to the new root, the children count to be expected must\nbe 2 and not 1 anymore.\n\nThis omission results in the old root to not be connected to the new\nroot. Then eventually the system may run with more than one top level,\nwhich defeats the purpose of a single idle migrator.\n\nAlso the old root is pre-accounted but not connected upon the new root\ncreation. But it can be connected to the new root later on. Therefore\nthe old root may be accounted twice to the new root. The propagation of\nsuch overcommit can end up creating a double final top-level root with a\ngroupmask incorrectly initialized. Although harmless given that the final\ntop level roots will never have a parent to walk up to, this oddity\nopportunistically reported the core issue:\n\n  WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote\n  CPU: 8 UID: 0 PID: 0 Comm: swapper/8\n  RIP: 0010:tmigr_requires_handle_remote\n  Call Trace:\n   <IRQ>\n   ? tmigr_requires_handle_remote\n   ? hrtimer_run_queues\n   update_process_times\n   tick_periodic\n   tick_handle_periodic\n   __sysvec_apic_timer_interrupt\n   sysvec_apic_timer_interrupt\n  </IRQ>\n\nFix the problem by taking the old root into account in the children count\nof the new root so the connection is not omitted.\n\nAlso warn when more than one top level group exists to better detect\nsimilar issues in the future."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: timers/migration: Fix another race between hotplug and idle entry/exit (temporizadores/migración: Arreglar otra ejecución entre hotplug y entrada/salida inactiva) Antes de adjuntar una nueva raíz a la raíz anterior, se comprueba el contador de hijos de la nueva raíz para verificar que solo el grupo superior de la próxima CPU se haya conectado a ella. Sin embargo, desde el commit b729cc1ec21a agregada recientemente (\"timers/migration: Fix another race between hotplug and idle entry/exit\"), esta comprobación ya no es válida porque la raíz anterior se contabiliza previamente como un hijo de la nueva raíz. Por lo tanto, después de conectar el grupo superior de la próxima CPU a la nueva raíz, el recuento de hijos que se espera debe ser 2 y no 1. Esta omisión da como resultado que la raíz anterior no se conecte a la nueva raíz. Luego, eventualmente, el sistema puede ejecutarse con más de un nivel superior, lo que frustra el propósito de un solo migrador inactivo. Además, la raíz anterior se contabiliza previamente pero no se conecta al momento de la creación de la nueva raíz. Pero se puede conectar a la nueva raíz más adelante. Por lo tanto, la raíz antigua puede contabilizarse dos veces para la nueva raíz. La propagación de dicha sobreasignación puede terminar creando una raíz de nivel superior final doble con una máscara de grupo inicializada incorrectamente. Aunque es inofensiva dado que las raíces de nivel superior finales nunca tendrán un padre al que llegar, esta rareza informó oportunistamente el problema principal: ADVERTENCIA: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote CPU: 8 UID: 0 PID: 0 Comm: swapper/8 RIP: 0010:tmigr_requires_handle_remote Call Trace:  ? tmigr_requires_handle_remote ? hrtimer_run_queues update_process_times tick_periodic tick_handle_periodic __sysvec_apic_timer_interrupt sysvec_apic_timer_interrupt  Solucione el problema teniendo en cuenta la raíz antigua en el recuento de hijos de la nueva raíz para que no se omita la conexión. También advierta cuando exista más de un grupo de nivel superior para detectar mejor problemas similares en el futuro."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.11","versionEndExcluding":"6.12.14","matchCriteriaId":"025396BC-7DE1-42A8-B0FD-73C6932699C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.1","versionEndExcluding":"6.13.3","matchCriteriaId":"6F2280A3-25EA-474E-A52E-C24AE65A2B00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*","matchCriteriaId":"5A3F9505-6B98-4269-8B81-127E55A1BF00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*","matchCriteriaId":"186716B6-2B66-4BD0-852E-D48E71C0C85F"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6f449d8fa1808a7f9ee644866bbc079285dbefdd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/868c9037df626b3c245ee26a290a03ae1f9f58d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6dd70e5b465a2b77c7a7c3d868736d302e29aec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}