🛡️ UBUNTU-CVE-2025-21713
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used by different iommu group, the spapr_tce_set_window() returns -EPERM and the subsequent cleanup leads to the below crash. Kernel attempted to read user page (308) - exploit attempt? BUG: Kernel NULL pointer dereference on read at 0x00000308 Faulting instruction address: 0xc0000000001ce358 Oops: Kernel access of bad area, sig: 11 [#1] NIP: c0000000001ce358 LR: c0000000001ce05c CTR: c00000000005add0 NIP [c0000000001ce358] spapr_tce_unset_window+0x3b8/0x510 LR [c0000000001ce05c] spapr_tce_unset_window+0xbc/0x510 Call Trace: spapr_tce_unset_window+0xbc/0x510 (unreliable) tce_iommu_attach_group+0x24c/0x340 [vfio_iommu_spapr_tce] vfio_container_attach_group+0xec/0x240 [vfio] vfio_group_fops_unl_ioctl+0x548/0xb00 [vfio] sys_ioctl+0x754/0x1580 system_call_exception+0x13c/0x330 system_call_vectored_common+0x15c/0x2ec --- interrupt: 3000 Fix this by having null check for the tbl passed to the spapr_tce_unset_window().

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2025-02-27
Updated 2026-06-02
Modified 2026-02-04
Fix URL N/A

Affected Packages

Software From version Fixed in
linux-allwinner-5.19
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.19
linux-aws-5.3
linux-aws-5.8
linux-aws-6.2
linux-aws-6.5
linux-azure
linux-azure-5.11
linux-azure-5.13
linux-azure-5.19
linux-azure-5.3
linux-azure-5.8
linux-azure-6.11 6.11.0-1015.15~24.04.1
linux-azure-6.2
linux-azure-6.5
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.19
linux-azure-fde-6.2
linux-gcp
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.8
linux-gcp-6.11 6.11.0-1015.15~24.04.1
linux-gcp-6.2
linux-gcp-6.5
linux-gke
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop
linux-gkeop-5.15
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.19
linux-hwe-5.8
linux-hwe-6.11 6.11.0-26.26~24.04.1
linux-hwe-6.2
linux-hwe-6.5
linux-hwe-edge
linux-intel-5.13
linux-intel-iot-realtime
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.11 6.11.0-1014.15~24.04.1
linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.5
linux-nvidia-6.11 6.11.0-1010.10
linux-nvidia-6.2
linux-nvidia-6.5
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oem-6.11 6.11.0-1022.22
linux-oem-6.5
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.3
linux-oracle-5.8
linux-oracle-6.5
linux-raspi-realtime
linux-raspi2
linux-realtime
linux-riscv
linux-riscv-5.11
linux-riscv-5.19
linux-riscv-5.8
linux-riscv-6.5
linux-starfive-5.19
linux-starfive-6.2
linux-starfive-6.5

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.