CVE-2025-39836
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi: stmm: Fix incorrect buffer allocation method
The communication buffer allocated by setup_mm_hdr() is later on passed to tee_shm_register_kernel_buf(). The latter expects those buffers to be contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause various corruptions or BUGs, specifically since commit 9aec2fb0fd5e ("slab: allocate frozen pages"), though it was broken before as well.
Fix this by using alloc_pages_exact() instead of kmalloc().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c44b6be62e8dd4ee0a308c36a70620613e6fc55f < 77ff27ff0e4529a003c8a1c2492c111968c378d3 | affected |
| Linux | Linux | c44b6be62e8dd4ee0a308c36a70620613e6fc55f < 630c0e6064daf84f17aad1a7d9ca76b562e3fe47 | affected |
| Linux | Linux | c44b6be62e8dd4ee0a308c36a70620613e6fc55f < c5e81e672699e0c5557b2b755cc8f7a69aa92bff | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 6.12.45 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.5 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/77ff27ff0e4529a003c8a1c2492c111968c378d3
- https://git.kernel.org/stable/c/630c0e6064daf84f17aad1a7d9ca76b562e3fe47
- https://git.kernel.org/stable/c/c5e81e672699e0c5557b2b755cc8f7a69aa92bff
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.