CVE-2025-21871: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21871 was discovered in the Linux kernel, specifically affecting the OP-TEE (Open Portable Trusted Execution Environment) supplicant functionality. The vulnerability was disclosed on March 27, 2025, and involves issues with the tee optee supplicant wait loop (NVD Database).

The vulnerability exists in the OP-TEE supplicant, which is a user-space daemon that can become hung, crashed, or killed during the processing of an OP-TEE RPC call. The issue is particularly problematic when there is incorrect shutdown ordering between the supplicant process and the OP-TEE client application. This can result in the client process becoming stuck in an unkillable state while waiting for supplicant response. Additionally, a normal uninterruptible wait should not trigger the hung-task watchdog, but the endless loop would (NVD Database).

When exploited, this vulnerability can lead to system hang-up situations during system reboot or shutdown when the supplicant becomes hung, crashed, or killed. This results in the client becoming stuck in an unkillable state, which in turn causes the system to become hung up. In such cases, a hard power off/on cycle is required to recover the system (NVD Database).

The fix implemented allows the client process waiting in the kernel for supplicant response to be killed rather than indefinitely waiting in an unkillable state. This modification prevents the system from entering an unrecoverable hung state (NVD Database).