CVE-2025-21851: Vulnerability in the Linux kernel

Medium
Published: Wed Mar 12 2025 (03/12/2025, 09:42:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix softlockup in arena_map_free on 64k page kernel

On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64.

It turns out arena_map_free() is calling apply_to_existing_page_range() with the address returned by bpf_arena_get_kern_vm_start(). If this address is not page-aligned, the code ends up calling apply_to_pte_range() with that unaligned address, causing soft lockup.

Fix it by rounding up GUARD_SZ to PAGE_SIZE << 1 so that the division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned value.

AI-Powered Analysis

Last updated: 06/30/2025, 09:56:23 UTC

Technical Analysis

CVE-2025-21851 is a vulnerability in the Linux kernel that affects systems running on the aarch64 architecture with the kernel configured to use 64KB pages (CONFIG_PAGE_SIZE_64KB=y). The issue arises in the BPF (Berkeley Packet Filter) subsystem, within the memory management routines related to arena_map_free(). The vulnerability manifests as a soft lockup and segmentation fault triggered by arena_htab tests due to improper handling of page alignment. The root cause is that arena_map_free() calls apply_to_existing_page_range() with an address obtained from bpf_arena_get_kern_vm_start() that is not page-aligned. As a result, apply_to_pte_range() is invoked with an unaligned address, causing the kernel to hang (soft lockup) or crash (segmentation fault). The fix rounds GUARD_SZ up to a multiple of PAGE_SIZE << 1 (twice the page size), so that the division by 2 in bpf_arena_get_kern_vm_start() yields a page-aligned address and the page-range walk is no longer called with an unaligned one. This vulnerability is specific to the Linux kernel on aarch64 platforms using 64KB pages and does not affect systems using the standard 4KB page size on the same architecture. No known exploits are reported in the wild as of now, and no CVSS score has been assigned yet.
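
The alignment arithmetic behind this analysis, as an added example (not kernel source and not code from this page). It assumes the pre-fix guard size is 64 KiB, the range of a 16-bit instruction offset, a value this page does not state, and that the arena's kernel mapping base is itself page-aligned; the function names are hypothetical.

```sh
#!/bin/sh
# Added illustration of the GUARD_SZ / 2 alignment problem; not kernel source.
# Assumption: the pre-fix guard is 64 KiB (span of a 16-bit offset field).
RAW_GUARD=65536

# round_up VALUE MULTIPLE: smallest multiple of MULTIPLE that is >= VALUE.
round_up() {
    echo $(( ($1 + $2 - 1) / $2 * $2 ))
}

# guard_sz PAGE_SIZE MODE: guard size "before" the fix, or "after" it
# (rounded up to a multiple of PAGE_SIZE << 1).
guard_sz() {
    case $2 in
        before) echo "$RAW_GUARD" ;;
        after)  round_up "$RAW_GUARD" $(( $1 << 1 )) ;;
    esac
}

# start_misalignment PAGE_SIZE MODE: (GUARD_SZ / 2) mod PAGE_SIZE.
# With a page-aligned mapping base (assumption), this is how far the value
# returned by bpf_arena_get_kern_vm_start() sits from a page boundary.
start_misalignment() {
    g=$(guard_sz "$1" "$2")
    echo $(( ($g / 2) % $1 ))
}

# Compare 4 KiB, 16 KiB and 64 KiB page kernels before and after the fix.
for ps in 4096 16384 65536; do
    for mode in before after; do
        printf 'page_size=%-6s %-6s guard_sz=%-7s start_misalignment=%s\n' \
            "$ps" "$mode" "$(guard_sz "$ps" "$mode")" \
            "$(start_misalignment "$ps" "$mode")"
    done
done
```

Only the 64 KiB page case is misaligned before the fix, and the round-up leaves the guard size unchanged for 4 KiB and 16 KiB pages.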

Potential Impact

For European organizations, this vulnerability could lead to system instability or denial of service on affected Linux systems running on aarch64 hardware with 64KB page size configuration. The soft lockup and segmentation faults can disrupt critical services, especially in environments relying on Linux-based servers, embedded systems, or cloud infrastructure using ARM64 processors. This is particularly relevant for sectors such as telecommunications, cloud service providers, and enterprises adopting ARM-based servers for energy efficiency and performance. The impact is primarily on availability, as the vulnerability causes kernel hangs and crashes rather than direct data breaches or privilege escalations. However, repeated crashes or lockups could lead to operational downtime, affecting business continuity and service reliability. Since no known exploits exist yet, the immediate risk is moderate, but the vulnerability should be addressed promptly to prevent potential future exploitation as attackers may develop techniques to trigger these kernel faults maliciously.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Specifically, kernel maintainers have fixed the issue by adjusting the page alignment logic in the BPF subsystem. Systems running on aarch64 architecture with 64KB page size enabled must be identified through inventory and configuration management tools. For environments where immediate patching is not feasible, temporary mitigations include disabling BPF features if possible or reverting to 4KB page size configurations, though the latter may not be practical for all deployments. Monitoring kernel logs for signs of soft lockups or segmentation faults related to BPF operations can help detect attempts to trigger this vulnerability. Additionally, organizations should ensure robust backup and recovery procedures to minimize downtime impact. Collaboration with Linux distribution vendors to receive timely security updates and applying them promptly is essential. Finally, testing patches in staging environments before production deployment will help avoid regressions.
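
A host triage sketch for the inventory and log-monitoring steps above, added here as an example (not vendor tooling). It checks only the configuration precondition named in this advisory and does not determine patch status; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added triage sketch; checks the precondition (aarch64 + 64 KiB pages) and
# looks for soft-lockup reports. It does not determine patch status.

# exposed_config ARCH PAGE_SIZE: "yes" for aarch64 with 64 KiB pages, else "no".
exposed_config() {
    if [ "$1" = "aarch64" ] && [ "$2" -eq 65536 ]; then
        echo yes
    else
        echo no
    fi
}

# count_soft_lockups: read kernel log text on stdin and print the number of
# soft-lockup reports. grep -c exits 1 on zero matches, hence "|| true".
count_soft_lockups() {
    grep -c 'BUG: soft lockup' || true
}

# mentions_arena_free: "yes" if the log on stdin names arena_map_free, which
# ties a lockup report to the code path this CVE concerns.
mentions_arena_free() {
    if grep -q 'arena_map_free'; then echo yes; else echo no; fi
}

# host_report: evaluate the machine this script runs on.
host_report() {
    arch=$(uname -m)
    page=$(getconf PAGESIZE 2>/dev/null || echo 0)
    echo "arch=$arch page_size=$page exposed_config=$(exposed_config "$arch" "$page")"
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG='[  812.104233] watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [kworker/3:1:114]
[  812.104390]  arena_map_free+0x1a4/0x2c0
[  840.104240] watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [kworker/3:1:114]
[  901.550012] systemd[1]: Started Daily Cleanup of Temporary Directories.'

host_report
echo "soft_lockups=$(printf '%s\n' "$SAMPLE_LOG" | count_soft_lockups)"
echo "arena_map_free_seen=$(printf '%s\n' "$SAMPLE_LOG" | mentions_arena_free)"
```

On a live host, pipe the kernel log into the same functions, for example `dmesg | count_soft_lockups`.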

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.779Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe89ef

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 6/30/2025, 9:56:23 AM

Last updated: 7/27/2025, 1:16:00 AM
