
CVE-2025-21809: Vulnerability in the Linux kernel

Severity: High
Published: Thu Feb 27 2025 (02/27/2025, 20:01:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc, afs: Fix peer hash locking vs RCU callback

In its address list, afs now retains pointers to and refs on one or more rxrpc_peer objects. The address list is freed under RCU and at this time, it puts the refs on those peers. Now, when an rxrpc_peer object runs out of refs, it gets removed from the peer hash table and, for that, rxrpc has to take a spinlock. However, it is now being called from afs's RCU cleanup, which takes place in BH context - but it is just taking an ordinary spinlock. The put may also be called from non-BH context, and so there exists the possibility of deadlock if the BH-based RCU cleanup happens whilst the hash spinlock is held. This led to the attached lockdep complaint.

Fix this by changing spinlocks of rxnet->peer_hash_lock back to BH-disabling locks.

================================
WARNING: inconsistent lock state
6.13.0-rc5-build2+ #1223 Tainted: G E
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff88810babe228 (&rxnet->peer_hash_lock){+.?.}-{3:3}, at: rxrpc_put_peer+0xcb/0x180
{SOFTIRQ-ON-W} state was registered at:
  mark_usage+0x164/0x180
  __lock_acquire+0x544/0x990
  lock_acquire.part.0+0x103/0x280
  _raw_spin_lock+0x2f/0x40
  rxrpc_peer_keepalive_worker+0x144/0x440
  process_one_work+0x486/0x7c0
  process_scheduled_works+0x73/0x90
  worker_thread+0x1c8/0x2a0
  kthread+0x19b/0x1b0
  ret_from_fork+0x24/0x40
  ret_from_fork_asm+0x1a/0x30
irq event stamp: 972402
hardirqs last enabled at (972402): [<ffffffff8244360e>] _raw_spin_unlock_irqrestore+0x2e/0x50
hardirqs last disabled at (972401): [<ffffffff82443328>] _raw_spin_lock_irqsave+0x18/0x60
softirqs last enabled at (972300): [<ffffffff810ffbbe>] handle_softirqs+0x3ee/0x430
softirqs last disabled at (972313): [<ffffffff810ffc54>] __irq_exit_rcu+0x44/0x110

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&rxnet->peer_hash_lock);
  <Interrupt>
    lock(&rxnet->peer_hash_lock);

 *** DEADLOCK ***

1 lock held by swapper/1/0:
 #0: ffffffff83576be0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x7/0x30

stack backtrace:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G E 6.13.0-rc5-build2+ #1223
Tainted: [E]=UNSIGNED_MODULE
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Call Trace:
 <IRQ>
 dump_stack_lvl+0x57/0x80
 print_usage_bug.part.0+0x227/0x240
 valid_state+0x53/0x70
 mark_lock_irq+0xa5/0x2f0
 mark_lock+0xf7/0x170
 mark_usage+0xe1/0x180
 __lock_acquire+0x544/0x990
 lock_acquire.part.0+0x103/0x280
 _raw_spin_lock+0x2f/0x40
 rxrpc_put_peer+0xcb/0x180
 afs_free_addrlist+0x46/0x90 [kafs]
 rcu_do_batch+0x2d2/0x640
 rcu_core+0x2f7/0x350
 handle_softirqs+0x1ee/0x430
 __irq_exit_rcu+0x44/0x110
 irq_exit_rcu+0xa/0x30
 sysvec_apic_timer_interrupt+0x7f/0xa0
 </IRQ>

AI-Powered Analysis

Last updated: 06/27/2025, 23:41:47 UTC

Technical Analysis

CVE-2025-21809 is a concurrency-related vulnerability in the Linux kernel affecting the rxrpc and AFS (Andrew File System) subsystems. The issue arises from improper locking during reference counting and cleanup of the rxrpc_peer objects held by the AFS address list. Specifically, the AFS address list holds references to rxrpc_peer objects and is freed from a Read-Copy-Update (RCU) callback, which runs in bottom-half (softirq) context. When an rxrpc_peer object's reference count drops to zero, it is removed from the peer hash table, which requires acquiring the rxnet->peer_hash_lock spinlock. However, that spinlock was taken with a plain spin_lock(), which does not disable bottom halves. A deadlock therefore becomes possible: if process-context code (for example the rxrpc keepalive worker) holds peer_hash_lock on a CPU and the RCU callback fires as a softirq on that same CPU, the callback spins on a lock that its own CPU holds and can never release. The kernel's lock dependency validator (lockdep) detects this as an inconsistent lock state ({SOFTIRQ-ON-W} usage followed by {IN-SOFTIRQ-W} usage) and reports a possible deadlock. The fix changes the peer_hash_lock spinlocks to the BH-disabling variant (spin_lock_bh()), so bottom halves are disabled wherever the lock is held and the softirq cannot interrupt the lock holder. This vulnerability is subtle and relates to kernel synchronization primitives and concurrency control, which are critical for kernel stability and reliability. No known exploits are reported in the wild, and the issue was resolved in Linux kernel version 6.13.0-rc5-build2+ and later. The vulnerability does not directly expose confidentiality or integrity risks but can cause system hangs or crashes due to deadlocks, impacting availability.
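The lockdep rule behind the splat, as an added user-space model (not kernel code and not from the advisory): it tracks the two usage bits lockdep records for a lock class and replays the keepalive worker and the RCU callback from the trace with the vulnerable plain spin_lock() and then with the BH-disabling variant of the fix. The single-CPU context flags and the sim_ prefixed primitives are assumptions of the model.

```c
#include <stdio.h>

/* Usage bits lockdep records per lock class; names match the splat above. */
#define SOFTIRQ_ON_W 0x1  /* taken for write while softirqs were enabled */
#define IN_SOFTIRQ_W 0x2  /* taken for write from softirq context */

struct lock_class { const char *name; unsigned int usage; };

/* Simulated per-CPU context (assumption: one CPU, no real threads). */
static int softirqs_enabled = 1;  /* sim_spin_lock_bh() clears this while held */
static int in_softirq = 0;        /* set while the RCU callback runs */

/* Record how the lock is being taken; returns 1 once both bits are set, which
 * lockdep prints as "inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage". */
static int mark_usage(struct lock_class *lk)
{
    if (in_softirq)
        lk->usage |= IN_SOFTIRQ_W;
    else if (softirqs_enabled)
        lk->usage |= SOFTIRQ_ON_W;
    return (lk->usage & (SOFTIRQ_ON_W | IN_SOFTIRQ_W)) == (SOFTIRQ_ON_W | IN_SOFTIRQ_W);
}

/* Pre-fix primitive: plain spin_lock() leaves softirqs enabled. */
static int sim_spin_lock(struct lock_class *lk) { return mark_usage(lk); }
/* Post-fix primitive: spin_lock_bh() disables softirqs before taking the lock. */
static int sim_spin_lock_bh(struct lock_class *lk) { softirqs_enabled = 0; return mark_usage(lk); }
static void sim_spin_unlock_bh(void) { softirqs_enabled = 1; }

/* Replay the two contexts from the splat: rxrpc_peer_keepalive_worker (process
 * context) and afs_free_addrlist -> rxrpc_put_peer (RCU callback in softirq).
 * use_bh = 0 models the vulnerable code, use_bh = 1 the fix.
 * Returns 1 if lockdep would report an inconsistent lock state. */
int replay_peer_hash_lock(int use_bh)
{
    struct lock_class peer_hash_lock = { "&rxnet->peer_hash_lock", 0 };
    int bad = 0;

    softirqs_enabled = 1;
    in_softirq = 0;
    bad |= use_bh ? sim_spin_lock_bh(&peer_hash_lock) : sim_spin_lock(&peer_hash_lock);
    if (use_bh)
        sim_spin_unlock_bh();

    in_softirq = 1;  /* timer interrupt -> RCU batch runs the callback */
    bad |= sim_spin_lock(&peer_hash_lock);
    in_softirq = 0;
    printf("%s: use_bh=%d -> lockdep complains=%d\n", peer_hash_lock.name, use_bh, bad);
    return bad;
}
```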

Potential Impact

For European organizations relying on Linux-based systems, especially those using the AFS protocol or rxrpc networking (common in distributed file systems and certain enterprise environments), this vulnerability can lead to system instability or denial of service due to kernel deadlocks. Such deadlocks can cause critical servers or network appliances to hang, requiring manual intervention or reboot, thus impacting business continuity. Organizations running Linux kernels prior to the fix may experience unexpected system freezes or degraded performance, particularly under workloads involving AFS or rxrpc communications. This can affect sectors with high dependency on Linux servers, such as telecommunications, finance, research institutions, and cloud service providers across Europe. Although no direct data breach or privilege escalation is involved, the availability impact can disrupt services, leading to operational and reputational damage. The risk is heightened in environments where kernel updates are delayed or where custom kernels are used without timely patching.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions including the fix for CVE-2025-21809, specifically kernels 6.13.0-rc5-build2+ or later. For environments where immediate kernel upgrades are not feasible, organizations should audit the use of AFS and rxrpc subsystems and consider disabling or limiting their use until patched versions are deployed. Monitoring kernel logs for lockdep warnings or deadlock symptoms can provide early detection of this issue. Additionally, organizations should implement rigorous kernel update policies and testing procedures to ensure timely deployment of critical fixes. For custom or embedded Linux distributions, maintain close coordination with vendors or internal development teams to integrate the patch. Finally, consider isolating critical Linux systems running vulnerable kernels from untrusted networks to reduce exposure to triggering conditions.
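One way to act on the log-monitoring advice above, as an added example that is not part of the advisory: a small C scanner that walks a dmesg-style buffer, recognises a lockdep "inconsistent lock state" report and extracts the lock it names, so a host agent can flag the peer_hash_lock report this CVE describes. The sample_dmesg buffer is constructed for the example in the shape of the splat on this page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed dmesg excerpt in the shape of the splat in this advisory. */
static const char *sample_dmesg =
    "[  120.401] kafs: AFS cell lookup ok\n"
    "[  133.901] WARNING: inconsistent lock state\n"
    "[  133.903] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.\n"
    "[  133.904] swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:\n"
    "[  133.905] ffff88810babe228 (&rxnet->peer_hash_lock){+.?.}-{3:3}, at: rxrpc_put_peer+0xcb/0x180\n"
    "[  140.000] eth0: link up\n";

/* Scan a dmesg-style buffer for a lockdep "inconsistent lock state" report and
 * copy the lock it names (the "(&name){...}" token after "takes:") to lock_out.
 * Returns 1 if such a report was found, else 0. */
int find_lockdep_report(const char *log, char *lock_out, size_t out_len)
{
    char line[256];
    int in_report = 0;
    lock_out[0] = '\0';
    while (*log) {
        size_t n = strcspn(log, "\n");                  /* length of this line */
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, log, c);
        line[c] = '\0';
        log += n + (log[n] == '\n');                    /* step past newline */
        if (!in_report) {
            in_report = strstr(line, "inconsistent lock state") != NULL;
            continue;
        }
        char *open = strchr(line, '(');
        char *close = open ? strchr(open, ')') : NULL;
        if (open && open[1] == '&' && close) {
            size_t len = (size_t)(close - open - 1);
            if (len >= out_len)
                len = out_len - 1;
            memcpy(lock_out, open + 1, len);
            lock_out[len] = '\0';
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    char lock[128];
    int found = find_lockdep_report(sample_dmesg, lock, sizeof lock);
    printf("lockdep report found=%d lock=%s\n", found, lock);
    return 0;
}
```

On a live host the same function can be fed the output of `dmesg` or the kernel journal; a hit naming &rxnet->peer_hash_lock is the signature of this issue on an unpatched kernel.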


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.772Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd34f

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 11:41:47 PM

Last updated: 8/15/2025, 9:53:01 AM
