CVE-2025-22010: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix soft lockup during bt pages loop
Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup:
    watchdog: BUG: soft lockup - CPU#27 stuck for 22s!
    ...
    Call trace:
     hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]
     hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]
     hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]
     alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]
     hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]
     ib_uverbs_reg_mr+0x118/0x290
    watchdog: BUG: soft lockup - CPU#35 stuck for 23s!
    ...
    Call trace:
     hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]
     mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]
     hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]
     alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]
     hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]
     ib_uverbs_reg_mr+0x120/0x2bc
Add a cond_resched() to fix soft lockup during these loops. In order not to affect the allocation performance of normal-size buffer, set the loop count of a 100GB MR as the threshold to call cond_resched().
AI Analysis
Technical Summary
CVE-2025-22010 is a vulnerability identified in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically within the hns_roce_hw_v2 driver. The issue arises during the allocation and mapping of buffer translation (bt) pages when handling very large memory regions (MR), such as those exceeding 100GB. The driver executes a for-loop to allocate and map these pages, and when the buffer size is large, the loop count becomes substantial. This causes the CPU to be stuck in the loop for an extended period, triggering a soft lockup detected by the kernel watchdog. The soft lockup manifests as the CPU being unresponsive for over 20 seconds, which can severely degrade system responsiveness and stability.
The root cause is the lack of scheduling points within the loop, preventing the kernel from rescheduling other tasks. The fix implemented involves adding a conditional reschedule call (cond_resched()) once the loop count reaches the threshold associated with a 100GB MR allocation. This approach prevents the CPU from being monopolized by the loop, allowing other processes to execute and thus avoiding the soft lockup without impacting performance for smaller buffer allocations.
This vulnerability does not appear to have known exploits in the wild and does not have an assigned CVSS score yet. It affects Linux kernel versions identified by the commit hash 38389eaa4db192648916464b60f6086d6bbaa6de and likely other versions containing the vulnerable hns_roce_hw_v2 driver code. The vulnerability is primarily a denial-of-service (DoS) condition caused by resource starvation on the CPU due to inefficient handling of large RDMA buffer allocations.
Potential Impact
For European organizations, especially those operating data centers, high-performance computing clusters, or environments utilizing RDMA technology for low-latency and high-throughput networking, this vulnerability can lead to significant operational disruptions. Systems running vulnerable Linux kernels with the hns_roce_hw_v2 driver may experience soft lockups during large memory region allocations, causing CPU cores to become unresponsive temporarily. This can degrade application performance, cause service interruptions, or trigger system watchdogs leading to forced reboots or failovers. Industries relying on RDMA for critical workloads, such as financial services, telecommunications, scientific research, and cloud service providers, may face increased downtime or degraded quality of service. Although this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be substantial, particularly in environments where large memory buffers are frequently allocated for RDMA operations. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or intentional triggering of the soft lockup condition, potentially leading to denial-of-service scenarios.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2025-22010. Specifically, they should ensure that the hns_roce_hw_v2 driver incorporates the cond_resched() fix to prevent CPU soft lockups during large buffer allocations. For environments where immediate patching is not feasible, administrators can monitor CPU usage and kernel logs for signs of soft lockups related to RDMA operations and consider limiting the size of memory regions allocated via RDMA to below the 100GB threshold as a temporary workaround. Additionally, organizations should implement robust monitoring and alerting for kernel watchdog events and CPU stalls to detect potential occurrences early. Testing RDMA workloads in staging environments after patching is recommended to verify that performance remains unaffected for typical buffer sizes. Network and system administrators should also review RDMA usage policies and educate application developers about the risks of allocating excessively large memory regions without appropriate kernel support. Finally, maintaining up-to-date Linux kernel versions and subscribing to relevant security advisories will help ensure timely awareness and remediation of similar vulnerabilities.
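The kernel-log check recommended above, as an added example (not part of the advisory or the kernel patch): it groups each soft-lockup report with its call-trace frames and flags reports whose top frame is one of the two hns_roce_hw_v2 loop functions named in the traces. The sample log is constructed from the advisory's two traces plus one made-up unrelated lockup; `find_lockups`, `classify`, `example_busy_loop` and `example_mod` are illustrative names.

```python
import re

LOCKUP = re.compile(r"watchdog: BUG: soft lockup - CPU#(\d+) stuck for (\d+)s!")
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
DRIVER = "hns_roce_hw_v2"
LOOP_FUNCS = {"hem_list_alloc_mid_bt", "hns_roce_hem_list_find_mtt"}  # top frames in the advisory

# Constructed sample: the advisory's two traces plus one made-up, unrelated lockup.
SAMPLE_LOG = """\
watchdog: BUG: soft lockup - CPU#27 stuck for 22s!
Call trace:
 hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]
 hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]
 hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]
 alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]
 hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]
 ib_uverbs_reg_mr+0x118/0x290
watchdog: BUG: soft lockup - CPU#35 stuck for 23s!
Call trace:
 hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]
 mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]
 hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]
 alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]
 hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]
 ib_uverbs_reg_mr+0x120/0x2bc
watchdog: BUG: soft lockup - CPU#3 stuck for 21s!
 example_busy_loop+0x10/0x40 [example_mod]
"""

def find_lockups(log_text):
    """Group each soft-lockup report with the (symbol, module) frames after it."""
    events = []
    for line in log_text.splitlines():
        if hit := LOCKUP.search(line):
            events.append({"cpu": int(hit[1]), "seconds": int(hit[2]), "frames": []})
        elif events and (frame := FRAME.search(line)):
            events[-1]["frames"].append((frame[1], frame[2]))
    return events

def classify(event):
    """'match': top frame is an advisory loop; 'driver': driver only appears lower down; else 'other'."""
    frames = event["frames"]
    if frames and frames[0][0] in LOOP_FUNCS and frames[0][1] == DRIVER:
        return "match"
    return "driver" if any(mod == DRIVER for _, mod in frames) else "other"

if __name__ == "__main__":
    for ev in find_lockups(SAMPLE_LOG):
        print(f"CPU#{ev['cpu']} stuck {ev['seconds']}s -> {classify(ev)}")
```

A "match" result on an unpatched host points at this CVE; a "driver" result means the driver is on the stack but the lockup is not in one of the two loops the fix touched, so it needs separate triage.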
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.804Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9833c4522896dcbe8eeb
Added to database: 5/21/2025, 9:09:07 AM
Last enriched: 6/30/2025, 11:55:41 AM
Last updated: 8/8/2025, 8:40:43 AM