{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T09:54:07.575","vulnerabilities":[{"cve":{"id":"CVE-2025-21907","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-01T16:15:21.217","lastModified":"2025-10-31T17:59:19.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: memory-failure: update ttu flag inside unmap_poisoned_folio\n\nPatch series \"mm: memory_failure: unmap poisoned folio during migrate\nproperly\", v3.\n\nFix two bugs during folio migration if the folio is poisoned.\n\n\nThis patch (of 3):\n\nCommit 6da6b1d4a7df (\"mm/hwpoison: convert TTU_IGNORE_HWPOISON to\nTTU_HWPOISON\") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in\norder to stop send SIGBUS signal when accessing an error page after a\nmemory error on a clean folio.  However during page migration, anon folio\nmust be set with TTU_HWPOISON during unmap_*().  For pagecache we need\nsome policy just like the one in hwpoison_user_mappings to set this flag. \nSo move this policy from hwpoison_user_mappings to unmap_poisoned_folio to\nhandle this warning properly.\n\nWarning will be produced during unamp poison folio with the following log:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G        W          6.13.0-rc1-00018-gacdb4bbda7ab #42\n  Tainted: [W]=WARN\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : try_to_unmap_one+0x8fc/0xd3c\n  lr : try_to_unmap_one+0x3dc/0xd3c\n  Call trace:\n   try_to_unmap_one+0x8fc/0xd3c (P)\n   try_to_unmap_one+0x3dc/0xd3c (L)\n   rmap_walk_anon+0xdc/0x1f8\n   rmap_walk+0x3c/0x58\n   try_to_unmap+0x88/0x90\n   unmap_poisoned_folio+0x30/0xa8\n   do_migrate_range+0x4a0/0x568\n   offline_pages+0x5a4/0x670\n   memory_block_action+0x17c/0x374\n   memory_subsys_offline+0x3c/0x78\n   device_offline+0xa4/0xd0\n   state_store+0x8c/0xf0\n   dev_attr_store+0x18/0x2c\n   sysfs_kf_write+0x44/0x54\n   kernfs_fop_write_iter+0x118/0x1a8\n   vfs_write+0x3a8/0x4bc\n   ksys_write+0x6c/0xf8\n   __arm64_sys_write+0x1c/0x28\n   invoke_syscall+0x44/0x100\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x30/0xd0\n   el0t_64_sync_handler+0xc8/0xcc\n   el0t_64_sync+0x198/0x19c\n  ---[ end trace 0000000000000000 ]---\n\n[mawupeng1@huawei.com: unmap_poisoned_folio(): remove shadowed local `mapping', per Miaohe]"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: fallo de memoria: actualización del indicador ttu dentro de unmap_poisoned_folio. Serie de parches \"mm: fallo de memoria: desasignar correctamente un folio envenenado durante la migración\", v3. Se corrigen dos errores durante la migración de folios si este está envenenado. Este parche (de 3): El commit 6da6b1d4a7df (\"mm/hwpoison: convertir TTU_IGNORE_HWPOISON en TTU_HWPOISON\") introduce TTU_HWPOISON en lugar de TTU_IGNORE_HWPOISON para detener el envío de la señal SIGBUS al acceder a una página con error tras un error de memoria en un folio limpio. Sin embargo, durante la migración de páginas, anon folio debe configurarse con TTU_HWPOISON durante unmap_*(). Para la caché de páginas, necesitamos una política similar a la de hwpoison_user_mappings para configurar este indicador. Por lo tanto, mueva esta política de hwpoison_user_mappings a unmap_poisoned_folio para gestionar esta advertencia correctamente. Se producirá una advertencia durante el envenenamiento de folio de unamp con el siguiente registro: ------------[ cortar aquí ]------------ ADVERTENCIA: CPU: 1 PID: 365 en mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c Módulos vinculados: CPU: 1 UID: 0 PID: 365 Comm: bash Contaminado: GW 6.13.0-rc1-00018-gacdb4bbda7ab #42 Contaminado: [W]=WARN Nombre del hardware: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0x8fc/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Rastreo de llamadas:  try_to_unmap_one+0x8fc/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c ---[fin de seguimiento 0000000000000000 ]--- [mawupeng1@huawei.com: unmap_poisoned_folio(): eliminar el 'mapeo' local sombreado, según Miaohe] Enlace: https://lkml.kernel.org/r/20250219060653.3849083-1-mawupeng1@huawei.com"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.16","versionEndExcluding":"6.2","matchCriteriaId":"E0F792B8-000E-4D97-B7F7-B3660397A964"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.12.19","matchCriteriaId":"EB5FAD40-FE0F-4A65-BFB5-0690AD42A7DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.7","matchCriteriaId":"842F5A44-3E71-4546-B4FD-43B0ACE3F32B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*","matchCriteriaId":"186716B6-2B66-4BD0-852E-D48E71C0C85F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*","matchCriteriaId":"0D3E781C-403A-498F-9DA9-ECEE50F41E75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*","matchCriteriaId":"66619FB8-0AAF-4166-B2CF-67B24143261D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*","matchCriteriaId":"D3D6550E-6679-4560-902D-AF52DCFE905B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*","matchCriteriaId":"45B90F6B-BEC7-4D4E-883A-9DBADE021750"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/425c12c076e6fc6b2cb04b9f960319d31dcabc76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/608cc7deb428f1122ed426060233622ebf667b6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b81679b1633aa43c0d973adfa816d78c1ed0d032","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}