{"vulnerability": "cve-2025-2181", "sightings": [{"uuid": "d4a73cb1-cac2-4f35-a3eb-edf4cf6f9b55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21818", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7ybekg2t", "content": "", "creation_timestamp": "2025-02-27T21:58:56.933975Z"}, {"uuid": "4604caa5-389b-4f1d-8293-0b2b66a448a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21817", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7yqr6a2w", "content": "", "creation_timestamp": "2025-02-27T21:58:58.307566Z"}, {"uuid": "728c8518-4b0c-434c-b73e-1c329b8e9d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21816", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7z3vor2w", "content": "", "creation_timestamp": "2025-02-27T21:59:00.037070Z"}, {"uuid": "e3960b52-b898-4c13-a751-0bc111ebb881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21815", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7z7nly2v", "content": "", "creation_timestamp": "2025-02-27T21:59:00.604444Z"}, {"uuid": "cbe5349f-3431-4c9e-bd9d-03a87ab1d41e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21819", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7zd23q26", "content": "", "creation_timestamp": "2025-02-27T21:59:01.203620Z"}, {"uuid": "f38a53e9-139f-4ec1-8dd8-489a9c733a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21811", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114080005057814812", "content": "", "creation_timestamp": "2025-02-28T06:05:33.834587Z"}, {"uuid": "0f43fdb6-70a6-4194-89c6-328cf0b626d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21813", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lojvjhxzy22t", "content": "", "creation_timestamp": "2025-05-06T22:09:33.927408Z"}, {"uuid": "0fdf6e32-e422-4f55-8394-0c5c57e0ac4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2181", "type": "seen", "source": "https://security.paloaltonetworks.com/CVE-2025-2181", "content": "", "creation_timestamp": "2025-08-13T14:00:00.000000Z"}, {"uuid": "82b23f41-1299-4748-b816-30436026b3d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2181", "type": "seen", "source": "https://bsky.app/profile/ripjyr.bsky.social/post/3lwcjbynckf2f", "content": "", "creation_timestamp": "2025-08-13T19:03:29.720285Z"}, {"uuid": "d687f546-356d-46d7-9052-c1eb19c7e1d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21812", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "017b4dff-8d2c-428f-aec7-27fca6775f48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21816", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "e327b746-9e67-47f8-b6f4-33c7abc8acbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21819", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "5689ae61-b4d3-4be6-a760-b5bb35780086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21812", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "f2c11699-a953-47ee-8527-c94280e193ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21816", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "dda81c76-3102-416d-b799-8bae567713f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21817", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "85315876-ee15-472f-ad32-6f0228782ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21819", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "f67e25e6-0ff0-4cae-8ed1-de0db080f603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21812", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "ae4fab3f-6959-4719-80fe-e0e8023b5552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21816", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "9877a03d-4532-4db6-96b6-22b41261b7fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21817", "type": "seen", "source": "https://t.me/cvedetector/19085", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21817 - \"Linux Kernel Block Memory Allocation Deadlock\"\", \n  \"Content\": \"CVE ID : CVE-2025-21817 \nPublished : Feb. 27, 2025, 8:16 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nblock: mark GFP_NOIO around sysfs ->store()  \n  \nsysfs ->store is called with queue freezed, meantime we have several  \n->store() callbacks(update_nr_requests, wbt, scheduler) to allocate  \nmemory with GFP_KERNEL which may run into direct reclaim code path,  \nthen potential deadlock can be caused.  \n  \nFix the issue by marking NOIO around sysfs ->store() \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T23:27:01.000000Z"}, {"uuid": "39c8deef-9bdd-4e72-a2d8-3d4187b674bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21816", "type": "seen", "source": "https://t.me/cvedetector/19090", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21816 - Linux Kernel Hrtimers CPU Hotplug Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21816 \nPublished : Feb. 27, 2025, 8:16 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nhrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING  \n  \nhrtimers are migrated away from the dying CPU to any online target at  \nthe CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers  \nhandling tasks involved in the CPU hotplug forward progress.  \n  \nHowever wakeups can still be performed by the outgoing CPU after  \nCPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being  \narmed. Depending on several considerations (crystal ball power management  \nbased election, earliest timer already enqueued, timer migration enabled or  \nnot), the target may eventually be the current CPU even if offline. If that  \nhappens, the timer is eventually ignored.  \n  \nThe most notable example is RCU which had to deal with each and every of  \nthose wake-ups by deferring them to an online CPU, along with related  \nworkarounds:  \n  \n_ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying)  \n_ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU)  \n_ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq)  \n  \nThe problem isn't confined to RCU though as the stop machine kthread  \n(which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end  \nof its work through cpu_stop_signal_done() and performs a wake up that  \neventually arms the deadline server timer:  \n  \n   WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0  \n   CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted  \n   Stopper: multi_cpu_stop+0x0/0x120 <-\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T23:27:08.000000Z"}, {"uuid": "35dc6558-d9aa-4bf8-b640-50e65515ae8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21815", "type": "seen", "source": "https://t.me/cvedetector/19089", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21815 - Linux Kernel Shift Out-of-Bounds Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21815 \nPublished : Feb. 27, 2025, 8:16 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmm/compaction: fix UBSAN shift-out-of-bounds warning  \n  \nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL <<\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T23:27:07.000000Z"}, {"uuid": "11bd01cb-c13f-4252-9091-132731b9549b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21819", "type": "seen", "source": "https://t.me/cvedetector/19083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21819 - AMD Display System Hang Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21819 \nPublished : Feb. 27, 2025, 8:16 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"  \n  \nThis reverts commit  \na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")  \n  \nBecause it may cause system hang while connect with two edp panel. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T23:26:59.000000Z"}, {"uuid": "b3c76594-5630-423e-a8a1-cf436a2d8d28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21818", "type": "seen", "source": "https://t.me/cvedetector/19081", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21818 - Xen Linux XenPVH Guest Register Clobber Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21818 \nPublished : Feb. 27, 2025, 8:16 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nx86/xen: fix xen_hypercall_hvm() to not clobber %rbx  \n  \nxen_hypercall_hvm(), which is used when running as a Xen PVH guest at  \nmost only once during early boot, is clobbering %rbx. Depending on  \nwhether the caller relies on %rbx to be preserved across the call or  \nnot, this clobbering might result in an early crash of the system.  \n  \nThis can be avoided by using an already saved register instead of %rbx. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T23:26:55.000000Z"}, {"uuid": "63c52a27-e193-4909-b74e-8f246e1f2786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21819", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5789", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21819\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.\n\ud83d\udccf Published: 2025-02-27T20:04:17.284Z\n\ud83d\udccf Modified: 2025-02-27T20:04:17.284Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/915697c2e69ac8d14dad498e6d6f43dbb7de3787\n2. https://git.kernel.org/stable/c/dcc3f2c06d80da39eee742b51ddf0781affb260c\n3. https://git.kernel.org/stable/c/95c75578c420110c43791295985abb961d6dc033\n4. https://git.kernel.org/stable/c/a978864653e45d2671f99b09afcc1110e45d3dd9\n5. https://git.kernel.org/stable/c/f245b400a223a71d6d5f4c72a2cb9b573a7fc2b6", "creation_timestamp": "2025-02-27T20:25:54.000000Z"}, {"uuid": "a8e6fbe8-4861-4ce6-af48-d7821c627170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21818", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21818\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: fix xen_hypercall_hvm() to not clobber %rbx\n\nxen_hypercall_hvm(), which is used when running as a Xen PVH guest at\nmost only once during early boot, is clobbering %rbx. Depending on\nwhether the caller relies on %rbx to be preserved across the call or\nnot, this clobbering might result in an early crash of the system.\n\nThis can be avoided by using an already saved register instead of %rbx.\n\ud83d\udccf Published: 2025-02-27T20:04:16.619Z\n\ud83d\udccf Modified: 2025-02-27T20:04:16.619Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/522d726824cc570e0b6bf0b3af4d5a826f1b17c5\n2. https://git.kernel.org/stable/c/242f7584da3ad041a9db809d33d27a8be8eccc29\n3. https://git.kernel.org/stable/c/4890a0858c09d96f3234a8f94663de80a7201bc4\n4. https://git.kernel.org/stable/c/23f6f420cd727d641f95478fcf3bbbee41e4e5d6\n5. https://git.kernel.org/stable/c/98a5cfd2320966f40fe049a9855f8787f0126825", "creation_timestamp": "2025-02-27T20:25:55.000000Z"}, {"uuid": "92ba90f2-b993-475c-8bd8-4a2ab02869a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21817", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18862", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21817\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nblock: mark GFP_NOIO around sysfs ->store()\n\nsysfs ->store is called with queue freezed, meantime we have several\n->store() callbacks(update_nr_requests, wbt, scheduler) to allocate\nmemory with GFP_KERNEL which may run into direct reclaim code path,\nthen potential deadlock can be caused.\n\nFix the issue by marking NOIO around sysfs ->store()\n\ud83d\udccf Published: 2025-02-27T20:04:15.988Z\n\ud83d\udccf Modified: 2025-06-19T12:56:45.920Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31\n2. https://git.kernel.org/stable/c/7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c", "creation_timestamp": "2025-06-19T13:39:55.000000Z"}]}