CVE-2025-21803: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Fix warnings during S3 suspend

The enable_gpe_wakeup() function calls acpi_enable_all_wakeup_gpes(), and the latter one may call the preempt_schedule_common() function, resulting in a thread switch and causing the CPU to be in an interrupt enabled state after the enable_gpe_wakeup() function returns, leading to the warnings as follows.

[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8
[ C0] ...
[ C0] Call Trace:
[ C0] [<90000000002243b4>] show_stack+0x64/0x188
[ C0] [<900000000164673c>] dump_stack_lvl+0x60/0x88
[ C0] [<90000000002687e4>] __warn+0x8c/0x148
[ C0] [<90000000015e9978>] report_bug+0x1c0/0x2b0
[ C0] [<90000000016478e4>] do_bp+0x204/0x3b8
[ C0] [<90000000025b1924>] exception_handlers+0x1924/0x10000
[ C0] [<9000000000343bbc>] ktime_get+0xbc/0xc8
[ C0] [<9000000000354c08>] tick_sched_timer+0x30/0xb0
[ C0] [<90000000003408e0>] __hrtimer_run_queues+0x160/0x378
[ C0] [<9000000000341f14>] hrtimer_interrupt+0x144/0x388
[ C0] [<9000000000228348>] constant_timer_interrupt+0x38/0x48
[ C0] [<90000000002feba4>] __handle_irq_event_percpu+0x64/0x1e8
[ C0] [<90000000002fed48>] handle_irq_event_percpu+0x20/0x80
[ C0] [<9000000000306b9c>] handle_percpu_irq+0x5c/0x98
[ C0] [<90000000002fd4a0>] generic_handle_domain_irq+0x30/0x48
[ C0] [<9000000000d0c7b0>] handle_cpu_irq+0x70/0xa8
[ C0] [<9000000001646b30>] handle_loongarch_irq+0x30/0x48
[ C0] [<9000000001646bc8>] do_vint+0x80/0xe0
[ C0] [<90000000002aea1c>] finish_task_switch.isra.0+0x8c/0x2a8
[ C0] [<900000000164e34c>] __schedule+0x314/0xa48
[ C0] [<900000000164ead8>] schedule+0x58/0xf0
[ C0] [<9000000000294a2c>] worker_thread+0x224/0x498
[ C0] [<900000000029d2f0>] kthread+0xf8/0x108
[ C0] [<9000000000221f28>] ret_from_kernel_thread+0xc/0xa4
[ C0]
[ C0] ---[ end trace 0000000000000000 ]---

The root cause is acpi_enable_all_wakeup_gpes() uses a mutex to protect acpi_hw_enable_all_wakeup_gpes(), and acpi_ut_acquire_mutex() may cause a thread switch. Since there is no longer concurrent execution during loongarch_acpi_suspend(), we can call acpi_hw_enable_all_wakeup_gpes() directly in enable_gpe_wakeup().

The solution is similar to commit 22db06337f590d01 ("ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()").
AI Analysis
Technical Summary
CVE-2025-21803 is a vulnerability identified in the Linux kernel specifically related to the LoongArch architecture's handling of ACPI (Advanced Configuration and Power Interface) during system suspend (S3 state). The issue arises in the enable_gpe_wakeup() function, which calls acpi_enable_all_wakeup_gpes(). This latter function may invoke preempt_schedule_common(), causing a thread switch and leaving the CPU in an interrupt-enabled state after enable_gpe_wakeup() returns. This behavior triggers kernel warnings and potentially unstable system states as indicated by kernel stack traces referencing timekeeping and interrupt handling functions. The root cause is that acpi_enable_all_wakeup_gpes() uses a mutex to protect acpi_hw_enable_all_wakeup_gpes(), and acquiring this mutex (via acpi_ut_acquire_mutex()) can cause a thread switch. Since the LoongArch ACPI suspend path no longer allows concurrent execution, the mutex-protected call is unnecessary and problematic. The fix involves calling acpi_hw_enable_all_wakeup_gpes() directly within enable_gpe_wakeup(), avoiding the mutex and the associated thread switch. This approach aligns with a previous Linux kernel commit that addressed similar issues in ACPI sleep handling to prevent wakeup failures caused by might_sleep() conditions. Although this vulnerability does not appear to be exploited in the wild and lacks a CVSS score, it represents a kernel-level flaw that can lead to system instability, warnings, and potentially unpredictable behavior during suspend/resume cycles on affected LoongArch Linux systems. The vulnerability is specific to a particular kernel commit/version and architecture, limiting its scope but still critical for affected deployments.
Potential Impact
For European organizations, the impact of CVE-2025-21803 primarily concerns systems running Linux on LoongArch architecture hardware, which is relatively niche compared to x86 or ARM architectures. The vulnerability can cause kernel warnings and unstable CPU states during suspend/resume cycles, potentially leading to system crashes, data loss, or degraded availability of critical Linux-based infrastructure. Organizations relying on LoongArch-based servers or embedded systems may experience increased downtime or require more frequent reboots, impacting operational continuity. While this vulnerability does not directly enable privilege escalation or remote code execution, the instability it causes could be exploited indirectly by attackers to cause denial of service or disrupt services. Given the growing interest in alternative architectures for specialized computing, any European entities deploying LoongArch Linux systems in industrial control, telecommunications, or research environments should be aware of this risk. However, the limited market penetration of LoongArch in Europe reduces the widespread impact. The absence of known exploits in the wild further lowers immediate risk but does not eliminate the need for patching to maintain system reliability and security posture.
Mitigation Recommendations
To mitigate CVE-2025-21803, European organizations should:

1) Identify and inventory all Linux systems running on LoongArch architecture to assess exposure.
2) Apply the Linux kernel patch that modifies enable_gpe_wakeup() to call acpi_hw_enable_all_wakeup_gpes() directly, bypassing the mutex and preventing thread switches during suspend. This patch aligns with the referenced commit 22db06337f590d01 and should be obtained from trusted Linux kernel sources or vendor updates.
3) Test the updated kernel in staging environments to ensure suspend/resume stability before production deployment.
4) Monitor kernel logs for warnings related to timekeeping and interrupts during suspend/resume cycles to detect any residual issues.
5) Engage with hardware vendors and Linux distribution maintainers to confirm availability of patched kernel versions and coordinate timely updates.
6) For critical systems where immediate patching is not feasible, consider disabling suspend states or implementing workarounds to avoid triggering the vulnerable code path, understanding this may impact power management.
7) Maintain robust backup and recovery procedures to mitigate potential data loss from system instability.

These steps go beyond generic advice by focusing on architecture-specific patching, targeted system identification, and operational monitoring.
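For the log monitoring in step 4, one way to flag this specific warning in collected kernel logs is sketched below. This is an added example, not code from the advisory or the kernel project: the function names and the matching heuristic (a ktime_get() warning whose trace shows a timer interrupt taken on top of a task switch) are assumptions, and the sample log is constructed, with its first block abridged from the trace quoted in the description.

```python
import re

WARN_RE = re.compile(r"WARNING: .* at (\S+):\d+ ([\w.]+)\+0x")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\] ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed sample: the first block is abridged from the trace quoted in the
# description; the second is an invented, unrelated warning that must not match.
SAMPLE_LOG = """\
[ C0] WARNING: ... at kernel/time/timekeeping.c:845 ktime_get+0xbc/0xc8
[ C0] Call Trace:
[ C0] [<9000000000343bbc>] ktime_get+0xbc/0xc8
[ C0] [<9000000000341f14>] hrtimer_interrupt+0x144/0x388
[ C0] [<90000000002aea1c>] finish_task_switch.isra.0+0x8c/0x2a8
[ C0] [<900000000164e34c>] __schedule+0x314/0xa48
[ C0] ---[ end trace 0000000000000000 ]---
[ C1] WARNING: CPU: 1 PID: 77 at drivers/example/demo.c:10 demo_probe+0x10/0x40
[ C1] [<9000000000aaaaaa>] demo_probe+0x10/0x40
[ C1] ---[ end trace 0000000000000000 ]---
"""

def warning_blocks(lines):
    """Yield (source_file, function, frames) for each WARNING block in a kernel log."""
    block = None
    for line in lines:
        warn = WARN_RE.search(line)
        if warn:
            if block:
                yield block          # previous block had no end marker
            block = (warn.group(1), warn.group(2), [])
        elif block:
            frame = FRAME_RE.search(line)
            if frame:
                block[2].append(frame.group(1))
            elif "---[ end trace" in line:
                yield block
                block = None
    if block:
        yield block                  # log was truncated mid-trace

def is_suspend_irq_warning(block):
    """True for a ktime_get() warning raised from a timer IRQ taken on top of a task switch."""
    source, function, frames = block
    if (not source.endswith("kernel/time/timekeeping.c") or function != "ktime_get"
            or "hrtimer_interrupt" not in frames):
        return False
    outer = frames[frames.index("hrtimer_interrupt") + 1:]   # frames the IRQ interrupted
    return any(f.startswith(("__schedule", "finish_task_switch")) for f in outer)

def find_suspend_irq_warnings(log_text):
    return [b for b in warning_blocks(log_text.splitlines()) if is_suspend_irq_warning(b)]
```

Feeding it the output of `dmesg` or `journalctl -k` captured after a suspend/resume cycle on a LoongArch host returns one tuple per matching warning; an empty list on a patched kernel is the expected result.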
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.771Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe889e
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 9:24:44 AM
Last updated: 8/16/2025, 1:31:49 AM