Race Condition Affecting kernel-64k-modules-extra package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL9-KERNEL64KMODULESEXTRA-9604394
- published2 Apr 2025
- disclosed1 Apr 2025
Introduced: 1 Apr 2025
CVE-2025-21895 (opens in a new tab)How to fix?
There is no fixed version for RHEL:9 kernel-64k-modules-extra.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-64k-modules-extra package and not the kernel-64k-modules-extra package as distributed by RHEL.
See How to fix? for RHEL:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order.
The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in the pinned_groups and flexible_groups. So the order of pmu_ctx_list in the parent and child may be different.
To fix this problem, insert the perf_event_pmu_context to its proper place after iteration of the pmu_ctx_list.
The follow testcase can trigger above warning:
perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out &
perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out
test.c
void main() { int count = 0; pid_t pid;
printf("%d running\n", getpid()); sleep(30); printf("running\n");pid = fork(); if (pid == -1) { printf("fork error\n"); return; } if (pid == 0) { while (1) { count++; } } else { while (1) { count++; } }
}
The testcase first opens an LBR event, so it will allocate task_ctx_data, and then open tracepoint and software events, so the parent context will have 3 different perf_event_pmu_contexts. On inheritance, child ctx will insert the perf_event_pmu_context in another order and the warning will trigger.
[ mingo: Tidied up the changelog. ]
References
- https://access.redhat.com/security/cve/CVE-2025-21895
- https://git.kernel.org/stable/c/2016066c66192a99d9e0ebf433789c490a6785a2
- https://git.kernel.org/stable/c/3e812a70732d84b7873cea61a7f6349b9a9dcbf5
- https://git.kernel.org/stable/c/7d582eb6e4e100959ba07083d7563453c8c2a343
- https://git.kernel.org/stable/c/f0c3971405cef6892844016aa710121a02da3a23