CVE-2025-21869
Published: 27 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-21869 is a vulnerability in the Linux kernel's powerpc code-patching subsystem, specifically improper handling of KASAN (Kernel Address Sanitizer) reports while instructions are patched through a temporary memory-management (mm) context on Radix MMU. The issue manifests as a user-memory-access write violation that KASAN detects in copy_to_kernel_nofault, triggered during BPF JIT compilation. It affects powerpc systems such as POWER9 on Talos II boards and was observed in kernel version 6.13. The vulnerability stems from commits that introduced temporary-mm usage and batched instruction patching without disabling KASAN checks, so KASAN flags accesses to kernel memory that is temporarily mapped at user addresses. It is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), as indicated by the CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The trigger path is loading a BPF program via the sys_bpf syscall, which on powerpc invokes bpf_int_jit_compile, then bpf_jit_binary_pack_finalize, and ultimately patch_instructions. That path reaches the faulty copy_to_kernel_nofault operation during code patching, with potential high-impact confidentiality, integrity, and availability consequences such as kernel memory corruption or arbitrary code execution.
Kernel patches addressing this issue are available in the stable trees via the referenced commits: 5980d4456dd66d1b6505d5ec15048bd87e8775e0, dc9c5166c3cb044f8a001e397195242fd6796eee, and ea291447a4031f3dac5c23d55bc83fe833820d84. These patches disable KASAN reports during patching operations that use the temporary mm, so the expected accesses to the temporarily mapped pages are no longer reported while instruction patching itself remains safe. Security practitioners should update affected powerpc Linux kernels to a release that incorporates these fixes.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel vulnerability (an out-of-bounds write in powerpc code patching during BPF JIT compilation) directly supports exploitation for privilege escalation: a low-privileged local user who can load a BPF program could leverage it to achieve arbitrary code execution in the kernel.