CVE-2025-21778: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21778 affects the Linux kernel's tracing subsystem. The vulnerability was discovered in February 2025 and relates to an issue where attempting to mmap() a trace instance buffer that is attached to reserve_mem would cause a system crash. This vulnerability affects the kernel's tracing functionality, specifically when dealing with persistent ring buffers (Kernel Git).

The vulnerability stems from an incompatibility between virttopage() and vmap()'d memory in the ring buffer implementation. When the code attempts to map ring buffer pages to user space using page = virt_to_page((void *)cpu_buffer->subbuf_ids[s]) followed by vm_insert_pages(vma, vma->vm_start, pages, &nr_pages), it fails because virttopage() does not work with vmap()'d memory used by the persistent ring buffer. This results in a page fault in kernel mode with error code 0x0000 (not-present page) (Kernel Git).

When exploited, this vulnerability causes a kernel crash (Oops) when attempting to mmap a trace instance buffer attached to reserve_mem. This can lead to system instability and potential denial of service conditions (Kernel Git).

The issue has been fixed by disabling mmap() operations on instances that have their ring buffer from the reservemem option. When an mmap() is attempted on a persistent buffer, it now returns -ENODEV, similar to cases where the .mmap field isn't defined in the fileoperations structure. The fix was implemented in the kernel source through a patch that adds a check for TRACEARRAYFL_BOOT flag (Kernel Git).