{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21931","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.789Z","datePublished":"2025-04-01T15:41:01.055Z","dateUpdated":"2026-05-11T21:09:18.494Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:09:18.494Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page.  However folio lock must be held before\ncalling try_to_unmap.  Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n  ------------[ cut here ]------------\n  kernel BUG at ./include/linux/swapops.h:400!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G        W          6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n  Tainted: [W]=WARN\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : try_to_unmap_one+0xb08/0xd3c\n  lr : try_to_unmap_one+0x3dc/0xd3c\n  Call trace:\n   try_to_unmap_one+0xb08/0xd3c (P)\n   try_to_unmap_one+0x3dc/0xd3c (L)\n   rmap_walk_anon+0xdc/0x1f8\n   rmap_walk+0x3c/0x58\n   try_to_unmap+0x88/0x90\n   unmap_poisoned_folio+0x30/0xa8\n   do_migrate_range+0x4a0/0x568\n   offline_pages+0x5a4/0x670\n   memory_block_action+0x17c/0x374\n   memory_subsys_offline+0x3c/0x78\n   device_offline+0xa4/0xd0\n   state_store+0x8c/0xf0\n   dev_attr_store+0x18/0x2c\n   sysfs_kf_write+0x44/0x54\n   kernfs_fop_write_iter+0x118/0x1a8\n   vfs_write+0x3a8/0x4bc\n   ksys_write+0x6c/0xf8\n   __arm64_sys_write+0x1c/0x28\n   invoke_syscall+0x44/0x100\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x30/0xd0\n   el0t_64_sync_handler+0xc8/0xcc\n   el0t_64_sync+0x198/0x19c\n  Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n  ---[ end trace 0000000000000000 ]---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/memory_hotplug.c"],"versions":[{"version":"b15c87263a69272423771118c653e9a1d0672caa","lessThan":"3926b572fd073491bde13ec42ee08ac1b337bf4d","status":"affected","versionType":"git"},{"version":"b15c87263a69272423771118c653e9a1d0672caa","lessThan":"93df6da64b004f75d307ed08d3f0f1020280d339","status":"affected","versionType":"git"},{"version":"b15c87263a69272423771118c653e9a1d0672caa","lessThan":"576a2f4c437c19bec7d05d05b5990f178d2b0f40","status":"affected","versionType":"git"},{"version":"b15c87263a69272423771118c653e9a1d0672caa","lessThan":"629dfc6ba5431056701d4e44830f3409b989955a","status":"affected","versionType":"git"},{"version":"b15c87263a69272423771118c653e9a1d0672caa","lessThan":"af288a426c3e3552b62595c6138ec6371a17dbba","status":"affected","versionType":"git"},{"version":"85ef35ab972b7484f41c3bb2bbc79de212e19129","status":"affected","versionType":"git"},{"version":"060853fdd434ce620dd1dd7619ede834bd33b9d0","status":"affected","versionType":"git"},{"version":"cb1206e85df291fefde27401190329e26996c54c","status":"affected","versionType":"git"},{"version":"2c25071bed4b1f9c4cfb10a7914847d7069794bf","status":"affected","versionType":"git"},{"version":"2c87072a3bf9bbcd747618bb2ccc3cd0da181db6","status":"affected","versionType":"git"},{"version":"a2b977e3d9e4298d28ebe5cfff9e0859b74a7ac7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/memory_hotplug.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"6.1.140","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.92","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.19","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.7","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.1.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.6.92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.12.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.13.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.65"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.170"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d"},{"url":"https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339"},{"url":"https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40"},{"url":"https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a"},{"url":"https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbba"}],"title":"hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:39:27.919Z"}}]}}