Medium severity5.5NVD Advisory· Published Feb 27, 2025· Updated May 12, 2026
CVE-2025-21728
CVE-2025-21728
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf: Send signals asynchronously if !preemptible
BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep. Change irqs_disabled() to !preemptible().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel vulnerability allows BPF programs to call bpf_send_signal() in non-preemptible contexts, potentially causing a kernel panic.
Vulnerability
Description
In the Linux kernel, the bpf_send_signal() kfunc could be invoked from BPF programs running in non-preemptible contexts (e.g., tracepoints or kprobes with preemption disabled). The original check used irqs_disabled(), which is insufficient to detect all sleeping-prohibited contexts, leading to a potential sleep-in-atomic bug. The fix replaces irqs_disabled() with !preemptible() to correctly identify when sleeping is unsafe.
Exploitation
An attacker with the ability to load and execute BPF programs (requiring CAP_BPF or similar privileges) can trigger this vulnerability by running a BPF program in a non-preemptible context and calling bpf_send_signal(). This can cause the kernel to attempt a sleep operation while preemption is disabled, resulting in a kernel panic or undefined behavior.
Impact
Successful exploitation leads to a denial of service (system crash). The CVSS v3 score is 5.5 (Medium), reflecting local access and low privileges. Siemens has listed this CVE in advisories SSA-265688 [1] and SSA-082556 [2], confirming that affected products include SIMATIC S7-1500 TM MFP and CPU families running the GNU/Linux subsystem.
Mitigation
The fix is included in stable kernel updates; the relevant commits are available in the kernel repository [3][4]. Users should apply vendor patches or update to a kernel version containing the fix. Siemens recommends updating the affected products as per their security advisories [1][2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
138- osv-coords136 versionspkg:deb/ubuntu/linux-aws@6.11.0-1014.15?arch=source&distro=oracularpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rvpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_6&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_6&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_6&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_6&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.11.0-1014.15+ 135 more
- (no CPE)range: < 6.11.0-1014.15
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 5.14.0-611.5.1.el9_7
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2.150600.12.18.4
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-15061.21.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.21.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.42.2.150600.12.18.4
- (no CPE)range: < 6.4.0-28.1.21.6
- (no CPE)range: < 6.4.0-28.1.21.6
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-150600.1.3.2
- (no CPE)range: < 1-150600.13.3.4
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-15061.21.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-15061.21.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.23.42.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- git.kernel.org/stable/c/092fc76b7ab4163e008f9cde596a58dad2108260nvdPatch
- git.kernel.org/stable/c/78b97783496b454435639937db3303e900a24d3fnvdPatch
- git.kernel.org/stable/c/87c544108b612512b254c8f79aa5c0a8546e2cc4nvdPatch
- git.kernel.org/stable/c/be42a09fe898635b0093c0c8dac1bfabe225c240nvdPatch
- git.kernel.org/stable/c/ce51eab2070e295d298f42a2f1db269cd1b56d55nvdPatch
- git.kernel.org/stable/c/e306eaaa3d78b462db5f5b11e0171f9d2b6ca3f4nvdPatch
- git.kernel.org/stable/c/eeef8e65041a031bd8a747a392c14b76a123a12cnvdPatch
- git.kernel.org/stable/c/feba1308bc5e8e04cee751d39fae8a9b407a9034nvdPatch
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
- lists.debian.org/debian-lts-announce/2025/03/msg00028.htmlnvd
- lists.debian.org/debian-lts-announce/2025/05/msg00030.htmlnvd
News mentions
0No linked articles in our index yet.