CVE-2025-21740 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2025-02-27

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-5176	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21740-083e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-21740
https://www.cve.org/CVERecord?id=CVE-2025-21740

History

Fri, 13 Jun 2025 19:00:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `None`

Thu, 27 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/2b3928b7c896e5a9fb6b1373924adafe8e01a0c6 https://git.kernel.org/stable/c/43fb96ae78551d7bfa4ecca956b258f085d67c40 https://git.kernel.org/stable/c/974f85f1f7eb7dc7fce0988046e06eeccab576a7

Thu, 27 Mar 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking When waking a VM's NX huge page recovery thread, ensure the thread is actually alive before trying to wake it. Now that the thread is spawned on-demand during KVM_RUN, a VM without a recovery thread is reachable via the related module params. BUG: kernel NULL pointer dereference, address: 0000000000000040 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vhost_task_wake+0x5/0x10 Call Trace: <TASK> set_nx_huge_pages+0xcc/0x1e0 [kvm] param_attr_store+0x8a/0xd0 module_attr_store+0x1a/0x30 kernfs_fop_write_iter+0x12f/0x1e0 vfs_write+0x233/0x3e0 ksys_write+0x60/0xd0 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f3b52710104 </TASK> Modules linked in: kvm_intel kvm CR2: 0000000000000040	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking	kernel: KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking

Thu, 06 Mar 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 28 Feb 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21740-083e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-21740 https://www.cve.org/CVERecord?id=CVE-2025-21740
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 27 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking When waking a VM's NX huge page recovery thread, ensure the thread is actually alive before trying to wake it. Now that the thread is spawned on-demand during KVM_RUN, a VM without a recovery thread is reachable via the related module params. BUG: kernel NULL pointer dereference, address: 0000000000000040 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:vhost_task_wake+0x5/0x10 Call Trace: <TASK> set_nx_huge_pages+0xcc/0x1e0 [kvm] param_attr_store+0x8a/0xd0 module_attr_store+0x1a/0x30 kernfs_fop_write_iter+0x12f/0x1e0 vfs_write+0x233/0x3e0 ksys_write+0x60/0xd0 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f3b52710104 </TASK> Modules linked in: kvm_intel kvm CR2: 0000000000000040
Title		KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking
References		https://git.kernel.org/stable/c/2b3928b7c896e5a9fb6b1373924adafe8e01a0c6 https://git.kernel.org/stable/c/43fb96ae78551d7bfa4ecca956b258f085d67c40 https://git.kernel.org/stable/c/974f85f1f7eb7dc7fce0988046e06eeccab576a7

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-02-27T02:12:15.222Z

Updated: 2025-03-27T13:48:46.896Z

Reserved: 2024-12-29T08:45:45.757Z

Link: CVE-2025-21740

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-02-27T03:15:14.630

Modified: 2025-03-27T14:15:22.250

Link: CVE-2025-21740

Redhat

Severity :

Publid Date: 2025-02-27T00:00:00Z

Links: CVE-2025-21740 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object