CVE-2025-21872: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2025-21872) was discovered related to the EFI mokvar table handling. The issue was disclosed on March 27, 2025, affecting the Linux kernel's EFI subsystem (NVD).

The vulnerability occurs when validating the mokvar table, where the system remaps the entire table on each iteration of the loop, adding space as new entries are discovered. If the table grows beyond a certain size, the operation fails due to limitations of earlymemmap(), resulting in a failure and traceback. The issue manifests in the efimokvartableinit() function during system initialization (NVD).

When the vulnerability is triggered, it leads to a system failure during the early boot process, potentially preventing the system from properly initializing. This results in a warning message and traceback, affecting the system's ability to properly handle the EFI mokvar configuration table (NVD).

The vulnerability has been resolved by modifying the efimokvartable_init() function to only map each entry header instead of the entire table when determining the table size. Additionally, the fix includes changes to enforce NUL termination of variable names rather than attempting to verify them in place (NVD).