CVE-2025-22010: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22010 is a vulnerability discovered in the Linux kernel affecting the RDMA/hns driver. The issue was disclosed on April 8, 2025, and involves a soft lockup condition that occurs during bt pages loop allocation. This vulnerability affects multiple versions of the Linux kernel, including versions from 5.3 to 6.14-rc7 (NVD).

The vulnerability occurs when the driver runs a for-loop while allocating bt pages and mapping them with buffer pages. When allocating large buffers (over 100GB), the considerable loop count can trigger a soft lockup condition. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability. The vulnerability is classified as CWE-667 (Improper Locking) (NVD).

The primary impact of this vulnerability is a denial of service condition through CPU soft lockup. When triggered, it can cause affected CPUs to become unresponsive for extended periods (observed up to 22-23 seconds), potentially impacting system availability and performance (NVD).

The vulnerability has been fixed by adding a condresched() call to prevent soft lockup during the loops. The fix implements a threshold based on the loop count of a 100GB MR to determine when to call condresched(), balancing system stability with allocation performance for normal-sized buffers. Multiple Linux distributions have released patches to address this issue (Debian Security).