What is CVE-2025-21931?

CVE-2025-21931 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Improper Locking flaw (CWE-667), affecting Linux kernel versions from 3.16.65 onward and patched in 6.1.140, 6.6.92, 6.12.19 and others. CVE-2025-21931 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-21931?

CVE-2025-21931 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2025-21931?

Yes, CVE-2025-21931 has been patched. Fixed versions include 6.1.140, 6.6.92, 6.12.19 and others. If you are running Linux kernel 3.16.65 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-21931 actively exploited?

CVE-2025-21931 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Improper Locking (CWE-667)?

The product does not properly acquire or release a lock, which can lead to unexpected behaviour. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/667.html

CVE-2025-21931

Medium

In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]---

Package Linux Kernel

Published 2025-04-01

Last modified 2025-11-03

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-667

CVE-2025-21931 is a Improper Locking vulnerability

What is Improper Locking?

The product does not properly acquire or release a lock, which can lead to unexpected behaviour. Learn more on MITRE CWE

Affected versions

Linux kernel versions 3.16.65, 4.4.170, 4.9.150, 4.14.93, 4.19.15, 4.20.2, 5.0 and later are affected. Fixed in 6.1.140, 6.6.92, 6.12.19, 6.13.7, 6.14 and their respective stable series.

Affected from

≥ 3.16.65 ≥ 4.4.170 ≥ 4.9.150 ≥ 4.14.93 ≥ 4.19.15 ≥ 4.20.2 ≥ 5.0

Fixed in

✓ 6.1.140 6.1.x ✓ 6.6.92 6.6.x ✓ 6.12.19 6.12.x ✓ 6.13.7 6.13.x ✓ 6.14

References

The following references provide additional information about CVE-2025-21931 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
Kernel patch commit
https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d
Patch
Kernel patch commit
https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40
Patch
Kernel patch commit
https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2025-21931

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-04-01

Modified 2025-11-03

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-21931?

CVE-2025-21931 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as an Improper Locking flaw (CWE-667) . It affects Linux kernel versions from 3.16.65 onward and has been patched in 6.1.140, 6.6.92, 6.12.19 and others. CVE-2025-21931 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-21931?

CVE-2025-21931 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2025-21931?

Yes — CVE-2025-21931 has been patched. Fixed versions include 6.1.140, 6.6.92, 6.12.19 and others. If you are running Linux kernel 3.16.65 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-21931 actively exploited?

No — CVE-2025-21931 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Improper Locking (CWE-667)?

The product does not properly acquire or release a lock, which can lead to unexpected behaviour. View CWE-667 on MITRE CWE →