{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21871", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.781Z", "datePublished": "2025-03-27T13:38:23.461Z", "dateUpdated": "2025-05-04T07:22:55.829Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:22:55.829Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it's possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tee/optee/supp.c"], "versions": [{"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "3eb4911364c764572e9db4ab900a57689a54e8ce", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "0180cf0373f84fff61b16f8c062553a13dd7cfca", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "c0a9a948159153be145f9471435695373904ee6d", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "ec18520f5edc20a00c34a8c9fdd6507c355e880f", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "d61cc1a435e6894bfb0dd3370c6f765d2d12825d", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "fd9d2d6124c293e40797a080adf8a9c237efd8b8", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "21234efe2a8474a6d2d01ea9573319de7858ce44", "status": "affected", "versionType": "git"}, {"version": "4fb0a5eb364d239722e745c02aef0dbd4e0f1ad2", "lessThan": "70b0d6b0a199c5a3ee6c72f5e61681ed6f759612", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tee/optee/supp.c"], "versions": [{"version": "4.12", "status": "affected"}, {"version": "0", "lessThan": "4.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.291", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.235", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.179", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.130", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.80", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.17", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.5", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.4.291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.10.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.15.179"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.1.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.6.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.12.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.13.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3eb4911364c764572e9db4ab900a57689a54e8ce"}, {"url": "https://git.kernel.org/stable/c/0180cf0373f84fff61b16f8c062553a13dd7cfca"}, {"url": "https://git.kernel.org/stable/c/c0a9a948159153be145f9471435695373904ee6d"}, {"url": "https://git.kernel.org/stable/c/ec18520f5edc20a00c34a8c9fdd6507c355e880f"}, {"url": "https://git.kernel.org/stable/c/d61cc1a435e6894bfb0dd3370c6f765d2d12825d"}, {"url": "https://git.kernel.org/stable/c/fd9d2d6124c293e40797a080adf8a9c237efd8b8"}, {"url": "https://git.kernel.org/stable/c/21234efe2a8474a6d2d01ea9573319de7858ce44"}, {"url": "https://git.kernel.org/stable/c/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612"}], "title": "tee: optee: Fix supplicant wait loop", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B038092-73B0-4839-99CE-440987948ED1", "versionEndExcluding": "5.4.291", "versionStartIncluding": "4.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "545121FA-DE31-4154-9446-C2000FB4104D", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C708062C-4E1B-465F-AE6D-C09C46400875", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "26997835-273D-4841-ABD3-4696059AC299", "versionEndExcluding": "6.1.130", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A93F3655-6FAF-43B0-8541-A212998F05B8", "versionEndExcluding": "6.6.80", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15370AEE-6D1C-49C3-8CB7-E889D5F92B6F", "versionEndExcluding": "6.12.17", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "72E69ABB-9015-43A6-87E1-5150383CFFD9", "versionEndExcluding": "6.13.5", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*", "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it's possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tee: optee: Fix supplicant wait loop OP-TEE supplicant es un daemon de espacio de usuario y es posible que se cuelgue, se bloquee o se elimine en medio del procesamiento de una llamada RPC OP-TEE. Se vuelve m\u00e1s complicado cuando hay un orden de apagado incorrecto del proceso suplicante frente a la aplicaci\u00f3n cliente OP-TEE, lo que puede eventualmente provocar que el sistema se cuelgue esperando el cierre de la aplicaci\u00f3n cliente. Permita que el proceso cliente que espera en el kernel la respuesta del suplicante se elimine en lugar de esperar indefinidamente en un estado imposible de eliminar. Adem\u00e1s, una espera ininterrumpida normal no deber\u00eda haber provocado que se activara el watchdog de tareas colgadas, pero el bucle infinito s\u00ed. Esto soluciona los problemas observados durante el reinicio/apagado del sistema cuando el suplicante se colgaba por alguna raz\u00f3n o se bloqueaba/eliminaba, lo que provocaba que el cliente se colgara en un estado imposible de eliminar. A su vez, provocaba que el sistema quedara en un estado colgado que requer\u00eda un apagado/encendido forzado para recuperarse."}], "id": "CVE-2025-21871", "lastModified": "2025-10-29T21:07:40.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-27T14:15:48.860", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0180cf0373f84fff61b16f8c062553a13dd7cfca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/21234efe2a8474a6d2d01ea9573319de7858ce44"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3eb4911364c764572e9db4ab900a57689a54e8ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c0a9a948159153be145f9471435695373904ee6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d61cc1a435e6894bfb0dd3370c6f765d2d12825d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ec18520f5edc20a00c34a8c9fdd6507c355e880f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fd9d2d6124c293e40797a080adf8a9c237efd8b8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tee: optee: Fix supplicant wait loop", "id": "2355333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355333"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-667", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntee: optee: Fix supplicant wait loop\nOP-TEE supplicant is a user-space daemon and it's possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover."], "name": "CVE-2025-21871", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21871\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21871\nhttps://lore.kernel.org/linux-cve-announce/2025032735-CVE-2025-21871-bb8c@gregkh/T"], "threat_severity": "Moderate"}