CVE-2025-39836

Summary

In the Linux kernel, the following vulnerability has been resolved:

efi: stmm: Fix incorrect buffer allocation method

The communication buffer allocated by setup_mm_hdr() is later on passed to tee_shm_register_kernel_buf(). The latter expects those buffers to be contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause various corruptions or BUGs, specifically since commit 9aec2fb0fd5e ("slab: allocate frozen pages"), though it was broken before as well.

Fix this by using alloc_pages_exact() instead of kmalloc().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc44b6be62e8dd4ee0a308c36a70620613e6fc55f < 77ff27ff0e4529a003c8a1c2492c111968c378d3affected
LinuxLinuxc44b6be62e8dd4ee0a308c36a70620613e6fc55f < 630c0e6064daf84f17aad1a7d9ca76b562e3fe47affected
LinuxLinuxc44b6be62e8dd4ee0a308c36a70620613e6fc55f < c5e81e672699e0c5557b2b755cc8f7a69aa92bffaffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.45 <= 6.12.*unaffected
LinuxLinux6.16.5 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References