Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2025-21813— timers/migration: Fix off-by-one root mis-connection

AI Predicted 3.3 Difficulty: Moderate EPSS 0.02% · P5

Affected Version Matrix 9

VendorProductVersion RangeStatus
LinuxLinux12ead225b7996252a8bc1a49b03aad57c0794880< c6dd70e5b465a2b77c7a7c3d868736d302e29aecaffected
b729cc1ec21a5899b7879ccfbe1786664928d597< 6f449d8fa1808a7f9ee644866bbc079285dbefddaffected
b729cc1ec21a5899b7879ccfbe1786664928d597< 868c9037df626b3c245ee26a290a03ae1f9f58d3affected
6.12.11< 6.12.14affected
6.13affected
< 6.13unaffected
6.12.14≤ 6.12.*unaffected
6.13.3≤ 6.13.*unaffected
… +1 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-21813

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
timers/migration: Fix off-by-one root mis-connection
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix off-by-one root mis-connection Before attaching a new root to the old root, the children counter of the new root is checked to verify that only the upcoming CPU's top group have been connected to it. However since the recently added commit b729cc1ec21a ("timers/migration: Fix another race between hotplug and idle entry/exit") this check is not valid anymore because the old root is pre-accounted as a child to the new root. Therefore after connecting the upcoming CPU's top group to the new root, the children count to be expected must be 2 and not 1 anymore. This omission results in the old root to not be connected to the new root. Then eventually the system may run with more than one top level, which defeats the purpose of a single idle migrator. Also the old root is pre-accounted but not connected upon the new root creation. But it can be connected to the new root later on. Therefore the old root may be accounted twice to the new root. The propagation of such overcommit can end up creating a double final top-level root with a groupmask incorrectly initialized. Although harmless given that the final top level roots will never have a parent to walk up to, this oddity opportunistically reported the core issue: WARNING: CPU: 8 PID: 0 at kernel/time/timer_migration.c:543 tmigr_requires_handle_remote CPU: 8 UID: 0 PID: 0 Comm: swapper/8 RIP: 0010:tmigr_requires_handle_remote Call Trace: <IRQ> ? tmigr_requires_handle_remote ? hrtimer_run_queues update_process_times tick_periodic tick_handle_periodic __sysvec_apic_timer_interrupt sysvec_apic_timer_interrupt </IRQ> Fix the problem by taking the old root into account in the children count of the new root so the connection is not omitted. Also warn when more than one top level group exists to better detect similar issues in the future.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未正确处理根连接,可能导致多个顶级组。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 12ead225b7996252a8bc1a49b03aad57c0794880 ~ c6dd70e5b465a2b77c7a7c3d868736d302e29aec -
LinuxLinux 6.13 -

II. Public POCs for CVE-2025-21813

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-21813

登录查看更多情报信息。

Patches & Fixes for CVE-2025-21813 (3)

Same Patch Batch · Linux · 2025-02-27 · 177 CVEs total

CVE-2025-217567.8 HIGHvsock: Keep the binding until socket destruction
CVE-2025-21770iommu: Fix potential memory leak in iopf_queue_remove_device()
CVE-2025-21761openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
CVE-2025-21763neighbour: use RCU protection in __neigh_notify()
CVE-2025-21762arp: use RCU protection in arp_xmit()
CVE-2025-21764ndisc: use RCU protection in ndisc_alloc_skb()
CVE-2025-21765ipv6: use RCU protection in ip6_default_advmss()
CVE-2025-21766ipv4: use RCU protection in __ip_rt_update_pmtu()
CVE-2025-21767clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
CVE-2025-21769ptp: vmclock: Add .owner to vmclock_miscdev_fops
CVE-2025-21768net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
CVE-2025-21771sched_ext: Fix incorrect autogroup migration detection
CVE-2025-21776USB: hub: Ignore non-compliant devices with too many configs or interfaces
CVE-2025-21781batman-adv: fix panic during interface removal
CVE-2025-21780drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
CVE-2025-21779KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
CVE-2025-21778tracing: Do not allow mmap() of persistent ring buffer
CVE-2025-21777ring-buffer: Validate the persistent meta data subbuf array
CVE-2025-21775can: ctucanfd: handle skb allocation failure
CVE-2025-21773can: etas_es58x: fix potential NULL pointer dereference on udev->serial

Showing top 20 of 177 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-21813

No comments yet

Leave a comment