
CVE-2025-21907: Vulnerability in the Linux kernel

Medium
Published: Tue Apr 01 2025 (04/01/2025, 15:40:47 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: memory-failure: update ttu flag inside unmap_poisoned_folio

Patch series "mm: memory_failure: unmap poisoned folio during migrate properly", v3. Fix two bugs during folio migration if the folio is poisoned.

This patch (of 3):

Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") introduced TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop sending a SIGBUS signal when accessing an error page after a memory error on a clean folio. However, during page migration, an anon folio must be set with TTU_HWPOISON during unmap_*(). For pagecache we need some policy just like the one in hwpoison_user_mappings to set this flag. So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to handle this warning properly.

A warning will be produced while unmapping a poisoned folio, with the following log:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c
Modules linked in:
CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G        W          6.13.0-rc1-00018-gacdb4bbda7ab #42
Tainted: [W]=WARN
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : try_to_unmap_one+0x8fc/0xd3c
lr : try_to_unmap_one+0x3dc/0xd3c
Call trace:
 try_to_unmap_one+0x8fc/0xd3c (P)
 try_to_unmap_one+0x3dc/0xd3c (L)
 rmap_walk_anon+0xdc/0x1f8
 rmap_walk+0x3c/0x58
 try_to_unmap+0x88/0x90
 unmap_poisoned_folio+0x30/0xa8
 do_migrate_range+0x4a0/0x568
 offline_pages+0x5a4/0x670
 memory_block_action+0x17c/0x374
 memory_subsys_offline+0x3c/0x78
 device_offline+0xa4/0xd0
 state_store+0x8c/0xf0
 dev_attr_store+0x18/0x2c
 sysfs_kf_write+0x44/0x54
 kernfs_fop_write_iter+0x118/0x1a8
 vfs_write+0x3a8/0x4bc
 ksys_write+0x6c/0xf8
 __arm64_sys_write+0x1c/0x28
 invoke_syscall+0x44/0x100
 el0_svc_common.constprop.0+0x40/0xe0
 do_el0_svc+0x1c/0x28
 el0_svc+0x30/0xd0
 el0t_64_sync_handler+0xc8/0xcc
 el0t_64_sync+0x198/0x19c
---[ end trace 0000000000000000 ]---

[mawupeng1@huawei.com: unmap_poisoned_folio(): remove shadowed local `mapping', per Miaohe]

AI-Powered Analysis

Last updated: 06/27/2025, 23:42:46 UTC

Technical Analysis

CVE-2025-21907 is a defect in the Linux kernel's memory management subsystem (mm/memory-failure), in how poisoned folios, pages marked unusable after a hardware memory error, are unmapped during page migration. The function involved is unmap_poisoned_folio(). Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") replaced the TTU_IGNORE_HWPOISON unmap flag with TTU_HWPOISON, the flag that decides whether a process still mapping an error page receives SIGBUS, so that SIGBUS is no longer sent for a memory error on a clean folio. The migration path was not updated to match: when a poisoned folio is migrated, an anonymous folio must be unmapped with TTU_HWPOISON set, and a pagecache folio needs the same policy that hwpoison_user_mappings() already applies, but unmap_poisoned_folio() did neither. The symptom is the WARNING at mm/rmap.c:1847 in try_to_unmap_one() quoted in the description. The fix is patch 1 of a 3-patch series that resolves two bugs in poisoned-folio migration; it moves that policy out of hwpoison_user_mappings() into unmap_poisoned_folio() so the flag is set correctly on the migration path as well. The affected range begins at commit 6da6b1d4a7df8c35770186b53ef65d388398e139, the commit that introduced TTU_HWPOISON, and extends to every kernel without the fix. No exploit is known in the wild, and the precondition is a genuine poisoned page plus a migration of it: the quoted trace was produced by a root shell writing to a memory block's sysfs state attribute (state_store() via offline_pages() and do_migrate_range()), that is, memory hot-unplug. The consequence is a kernel warning; on systems that run with panic_on_warn enabled a warning is a panic, so the practical effect is on availability rather than confidentiality or privilege.

Potential Impact

For European organizations, the impact of CVE-2025-21907 is confined to availability on systems running an affected kernel, which includes servers in data centers, cloud and virtualization hosts, and enterprise fleets. Two conditions must coincide: the hardware must have reported an uncorrectable memory error that left a poisoned page, and the kernel must then migrate that page, as memory hot-unplug does in the quoted trace. When both occur, the kernel emits a WARNING from try_to_unmap_one(); with panic_on_warn set, as it is in some hardened and cloud images, that warning becomes a panic and an unplanned reboot. The issue does not provide privilege escalation or data disclosure, and it needs a real hardware fault rather than attacker-controlled input, so the exposure is greatest on large fleets and aging hardware where memory faults are routine. ECC memory reduces the rate of such faults but does not eliminate uncorrectable errors, which are exactly what produces poisoned pages. The absence of known exploits keeps the immediate risk low; the practical concern is that a maintenance operation such as offlining a memory block can take a node down instead of isolating the bad page.

Mitigation Recommendations

European organizations should update to a kernel that carries the fix, identified in the kernel and distribution changelogs by the commit title "mm: memory-failure: update ttu flag inside unmap_poisoned_folio"; the CVE is marked resolved, so the question is which distribution kernel build includes the backport, not whether a fix exists. Until then, avoid offlining memory blocks (writing to /sys/devices/system/memory/memoryN/state) on hosts that already report poisoned pages, since that is the trigger path in the quoted trace. Monitor kernel logs for the signature of this bug: a WARNING at mm/rmap.c in try_to_unmap_one() whose call trace passes through unmap_poisoned_folio() and do_migrate_range(). Track the underlying hardware errors as well: "Memory failure:" messages in the kernel log, the HardwareCorrupted counter in /proc/meminfo, and the error records collected by rasdaemon or mcelog, so that failing DIMMs are replaced before they accumulate poisoned pages. Decide explicitly whether panic_on_warn is appropriate on each class of host, because it turns this warning into a crash. In virtualized environments update both the hypervisor kernel and the guest kernels, as each runs its own memory-failure handling. Deploy kernel updates through the usual staging and testing process, and keep using ECC memory and hardware diagnostics to reduce, though not remove, the rate of uncorrectable errors.
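The log monitoring recommended above, and the trace quoted in the description, can be turned into a small triage script. The following is an added example written for this advisory; it is not code from the Linux kernel or from the advisory's author. It scans kernel log text as produced by dmesg or journalctl -k for the try_to_unmap_one() warning and checks that the call trace passed through the migration frames (unmap_poisoned_folio, do_migrate_range, offline_pages), collects "Memory failure:" events, and reads the HardwareCorrupted counter from /proc/meminfo text. The sample log and meminfo text embedded at the bottom are constructed for illustration; the warning's mm/rmap.c line number differs between kernel builds, so it is captured rather than matched literally.

```python
"""Kernel-log triage for CVE-2025-21907 (added example, not kernel code).

Scans dmesg/journalctl -k text for the try_to_unmap_one() WARNING quoted in
the CVE description, confirms the poisoned-folio migration path in its call
trace, and reports hardware memory-failure indicators. Sample input below is
constructed for illustration.
"""
import re
import subprocess
from dataclasses import dataclass, field

# The warning signature from the CVE description; the line number varies by build.
WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at mm/rmap\.c:(\d+) try_to_unmap_one")
# One call-trace frame such as "unmap_poisoned_folio+0x30/0xa8".
FRAME_RE = re.compile(r"(?:^|\s)(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Frames that together show the migration path seen in the quoted trace.
MIGRATION_FRAMES = ("unmap_poisoned_folio", "do_migrate_range", "offline_pages")
# mm/memory-failure.c logs with a "Memory failure: <pfn>: ..." prefix.
MEMFAIL_RE = re.compile(r"Memory failure: (0x[0-9a-f]+): (.*)")
# Optional dmesg timestamp prefix, e.g. "[  250.000003] ".
TS_RE = re.compile(r"^\[\s*[\d.]+\]\s*")


@dataclass
class UnmapWarning:
    cpu: int
    pid: int
    rmap_line: int
    frames: list[str] = field(default_factory=list)

    @property
    def on_migration_path(self) -> bool:
        """True when every migration frame from the CVE trace is present."""
        return all(f in self.frames for f in MIGRATION_FRAMES)


def scan_kernel_log(text: str) -> tuple[list[UnmapWarning], list[tuple[int, str]]]:
    """Return (try_to_unmap_one warnings with frames, memory-failure events)."""
    warnings: list[UnmapWarning] = []
    events: list[tuple[int, str]] = []
    current = None  # the WARN block currently being collected, if any
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)
        m = WARN_RE.search(line)
        if m:
            current = UnmapWarning(int(m[1]), int(m[2]), int(m[3]))
            warnings.append(current)
            continue
        if current is not None:
            if "end trace" in line:
                current = None  # the WARN block is closed
            else:
                fm = FRAME_RE.search(line)
                if fm:
                    current.frames.append(fm[1])
        mf = MEMFAIL_RE.search(line)
        if mf:
            events.append((int(mf[1], 16), mf[2]))
    return warnings, events


def hardware_corrupted_kb(meminfo_text: str) -> int:
    """HardwareCorrupted counter (kB of poisoned memory) from /proc/meminfo text."""
    for line in meminfo_text.splitlines():
        if line.startswith("HardwareCorrupted:"):
            return int(line.split()[1])
    return 0


def triage_live() -> tuple[list[UnmapWarning], list[tuple[int, str]], int]:
    """Run the same checks on the running host (needs permission to read dmesg)."""
    log = subprocess.run(["dmesg"], capture_output=True, text=True, check=False).stdout
    with open("/proc/meminfo") as f:
        corrupted = hardware_corrupted_kb(f.read())
    warnings, events = scan_kernel_log(log)
    return warnings, events, corrupted


# Constructed sample: one memory-failure event, the CVE warning with abridged
# frames from the quoted trace, then an unrelated WARNING that must not match.
SAMPLE_LOG = """\
[  100.000001] Memory failure: 0x1a2b3c: recovery action for clean LRU page: Recovered
[  250.000002] ------------[ cut here ]------------
[  250.000003] WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c
[  250.000004] Modules linked in:
[  250.000005] CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G        W          6.13.0-rc1 #42
[  250.000006] Call trace:
[  250.000007]  try_to_unmap_one+0x8fc/0xd3c (P)
[  250.000008]  rmap_walk_anon+0xdc/0x1f8
[  250.000009]  try_to_unmap+0x88/0x90
[  250.000010]  unmap_poisoned_folio+0x30/0xa8
[  250.000011]  do_migrate_range+0x4a0/0x568
[  250.000012]  offline_pages+0x5a4/0x670
[  250.000013]  state_store+0x8c/0xf0
[  250.000014] ---[ end trace 0000000000000000 ]---
[  300.000015] WARNING: CPU: 0 PID: 12 at drivers/example/example.c:10 example_fn+0x1/0x2
[  300.000016] ---[ end trace 0000000000000000 ]---
"""
SAMPLE_MEMINFO = "MemTotal:        8000000 kB\nHardwareCorrupted:         4 kB\n"

if __name__ == "__main__":
    found, found_events = scan_kernel_log(SAMPLE_LOG)
    for w in found:
        print(f"PID {w.pid} on CPU {w.cpu}: mm/rmap.c:{w.rmap_line}, "
              f"migration path: {'yes' if w.on_migration_path else 'no'}")
    print("memory-failure events:", found_events)
    print("HardwareCorrupted kB:", hardware_corrupted_kb(SAMPLE_MEMINFO))
```

Run as a script it evaluates the constructed sample; call triage_live() from a cron job or a monitoring agent to evaluate the host. A hit with on_migration_path true on a kernel without the fix is this bug; a hit without those frames is a different try_to_unmap_one() warning and should be triaged separately. A rising HardwareCorrupted counter or repeated "Memory failure:" events without any warning still indicates a DIMM that should be replaced.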

Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-12-29T08:45:45.786Z
Cisa Enriched
false
Cvss Version
null
State
PUBLISHED

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 11:42:46 PM

Last updated: 7/27/2025, 11:44:08 PM
