CVE-2025-21866: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's PowerPC code-patching infrastructure was discovered, identified as CVE-2025-21866. The issue was found when a KASAN (Kernel Address Sanitizer) hit occurred while booting a PowerMac G4 with a KASAN-enabled kernel 6.13-rc6. The vulnerability affects Linux kernel versions from 6.13 to 6.13.5, 6.2 to 6.6.80, and 6.7 onwards (NVD).

The vulnerability stems from incorrectly flagging text patching area as VMALLOC in the PowerPC code-patching infrastructure. The text patching infrastructure allocates a virtual memory area using getvmarea() and flags it as VMALLOC, but this flag is specifically meant for vmalloc() allocated memory. The issue went undetected until the implementation of copyfrom/tokernelnofault instrumentation. The area allocated by textareacpuup() is not vmalloc memory but is instead mapped directly on demand when needed by mapkernelpage(). The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability results in a KASAN hit reporting vmalloc-out-of-bounds access in copytokernel_nofault, which can lead to system instability. The issue specifically affects PowerPC systems and can cause kernel warnings and potential system crashes when using KASAN-enabled kernels (NVD).

The fix involves modifying the getvmarea() call to not use the VM_ALLOC flag, instead passing 0 as the flag parameter. This ensures the area will be unpoisoned and usable immediately. The fix has been implemented in the Linux kernel through various patches (Kernel Patch).