CVE-2025-21767

In the Linux kernel, the following vulnerability has been resolved:

clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context

The following bug report happened with a PREEMPT_RT kernel:

  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog
  preempt_count: 1, expected: 0
  RCU nest depth: 0, expected: 0
  get_random_u32+0x4f/0x110
  clocksource_verify_choose_cpus+0xab/0x1a0
  clocksource_verify_percpu.part.0+0x6b/0x330
  clocksource_watchdog_kthread+0x193/0x1a0

It is due to the fact that clocksource_verify_choose_cpus() is invoked with
preemption disabled.  This function invokes get_random_u32() to obtain
random numbers for choosing CPUs.  The batched_entropy_32 local lock and/or
the base_crng.lock spinlock in driver/char/random.c will be acquired during
the call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot
be acquired in atomic context.

Fix this problem by using migrate_disable() to allow smp_processor_id() to
be reliably used without introducing atomic context. preempt_disable() is
then called after clocksource_verify_choose_cpus() but before the
clocksource measurement is being run to avoid introducing unexpected
latency.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.137-1
fixed
bookworm (security)
6.1.140-1
fixed
trixie
6.12.27-1
fixed
sid
6.12.30-1
fixed
linux-6.1
bullseye (security)
6.1.137-1~deb11u1
fixed
References
https://git.kernel.org/stable/c/0fb534187d2355f6c8f995321e76d1ccd1262ac1
https://git.kernel.org/stable/c/60f54f0d4ea530950549a8263e6fdd70a40490a4
https://git.kernel.org/stable/c/6bb05a33337b2c842373857b63de5c9bf1ae2a09
https://git.kernel.org/stable/c/852805b6cbdb69c298a8fc9fbe79994c95106e04
https://git.kernel.org/stable/c/8783ceeee797d9aa9cfe150690fb9d0bac8cc459
https://git.kernel.org/stable/c/cc3d79e7c806cb57d71c28a4a35e7d7fb3265faa
https://git.kernel.org/stable/c/d9c217fadfcff7a8df58567517d1e4253f3fd243