CVE-2025-21907
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-21907. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
In the Linux kernel, the following vulnerability has been resolved:
mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Patch series "mm: memory_failure: unmap poisoned folio during migrate
properly", v3.
Fix two bugs during folio migration if the folio is poisoned.
This patch (of 3):
Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to
TTU_HWPOISON") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in
order to stop send SIGBUS signal when accessing an error page after a
memory error on a clean folio. However during page migration, anon folio
must be set with TTU_HWPOISON during unmap_*(). For pagecache we need
some policy just like the one in hwpoison_user_mappings to set this flag.
So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to
handle this warning properly.
Warning will be produced during unamp poison folio with the following log:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c
Modules linked in:
CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G W 6.13.0-rc1-00018-gacdb4bbda7ab #42
Tainted: [W]=WARN
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : try_to_unmap_one+0x8fc/0xd3c
lr : try_to_unmap_one+0x3dc/0xd3c
Call trace:
try_to_unmap_one+0x8fc/0xd3c (P)
try_to_unmap_one+0x3dc/0xd3c (L)
rmap_walk_anon+0xdc/0x1f8
rmap_walk+0x3c/0x58
try_to_unmap+0x88/0x90
unmap_poisoned_folio+0x30/0xa8
do_migrate_range+0x4a0/0x568
offline_pages+0x5a4/0x670
memory_block_action+0x17c/0x374
memory_subsys_offline+0x3c/0x78
device_offline+0xa4/0xd0
state_store+0x8c/0xf0
dev_attr_store+0x18/0x2c
sysfs_kf_write+0x44/0x54
kernfs_fop_write_iter+0x118/0x1a8
vfs_write+0x3a8/0x4bc
ksys_write+0x6c/0xf8
__arm64_sys_write+0x1c/0x28
invoke_syscall+0x44/0x100
el0_svc_common.constprop.0+0x40/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x30/0xd0
el0t_64_sync_handler+0xc8/0xcc
el0t_64_sync+0x198/0x19c
---[ end trace 0000000000000000 ]---
[[email protected]: unmap_poisoned_folio(): remove shadowed local `mapping', per Miaohe]
Available Exploits
Related News
Affected Products
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Malicious code in bioql (PyPI)
Affected Products (ENISA)
ENISA Scoring
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Discover the latest updates from Action1 **Live Demo: Patching That Just Works with Action1** 💡 Patch management doesn’t have to be complex. Learn how to simplify and automate in our upcoming live demo on Wednesday, September 17: 𝗣𝗮𝘁𝗰𝗵𝗶𝗻𝗴 𝗧𝗵𝗮𝘁 𝗝𝘂𝘀𝘁 𝗪𝗼𝗿𝗸𝘀 𝘄𝗶𝘁𝗵 𝗔𝗰𝘁𝗶𝗼𝗻𝟭. Register here> [http://on.action1.com/467almd](http://on.action1.com/467almd) \---------------------------------------------------------------------------------------------------------------------- **Patch Tuesday Spetember …
𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄! ▪️ Microsoft has addressed 81 vulnerabilities, two zero-days with PoC (CVE-2025-55234 and CVE-2025-21907), 8 critical ▪️ Third-party: actively exploited vulnerabilities in Google Chrome, Android, Apple, WhatsApp, FreePBX, Citrix, and Fortinet, plus major third-party issues affecting Docker Desktop, Cisco Secure Firewall, Intel, Passwordstate, and popular password manager …