CVE-2025-38686
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry
When UFFDIO_MOVE encounters a migration PMD entry, it proceeds with obtaining a folio and accessing it even though the entry is swp_entry_t. Add the missing check and let split_huge_pmd() handle migration entries. While at it also remove unnecessary folio check.
[surenb@google.com: remove extra folio check, per David]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | adef440691bab824e39c1b17382322d195e1fab0 < bb81c18dbd42650c844e160cafa7cbb20243a96a | affected |
| Linux | Linux | adef440691bab824e39c1b17382322d195e1fab0 < 1202abad7a7ccd28c426d2844771a387b07629a4 | affected |
| Linux | Linux | adef440691bab824e39c1b17382322d195e1fab0 < 7f1101a0a181243ad587ececdffc4845f035549f | affected |
| Linux | Linux | adef440691bab824e39c1b17382322d195e1fab0 < aba6faec0103ed8f169be8dce2ead41fcb689446 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 6.12.43 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.11 <= 6.15.* | unaffected |
| Linux | Linux | 6.16.2 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/bb81c18dbd42650c844e160cafa7cbb20243a96a
- https://git.kernel.org/stable/c/1202abad7a7ccd28c426d2844771a387b07629a4
- https://git.kernel.org/stable/c/7f1101a0a181243ad587ececdffc4845f035549f
- https://git.kernel.org/stable/c/aba6faec0103ed8f169be8dce2ead41fcb689446
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.