CVE-2025-39845

Summary

In the Linux kernel, the following vulnerability has been resolved:

x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()

Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_populate_kernel().

For 5-level paging, synchronization is performed via pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so synchronization is instead performed at the P4D level via p4d_populate_kernel().

This fixes intermittent boot failures on systems using 4-level paging and a large amount of persistent memory:

BUG: unable to handle page fault for address: ffffe70000000034 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI RIP: 0010:__init_single_page+0x9/0x6d Call Trace: <TASK> __init_zone_device_page+0x17/0x5d memmap_init_zone_device+0x154/0x1bb pagemap_range+0x2e0/0x40f memremap_pages+0x10b/0x2f0 devm_memremap_pages+0x1e/0x60 dev_dax_probe+0xce/0x2ec [device_dax] dax_bus_probe+0x6d/0xc9 [… snip …] </TASK>

It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]:

BUG: unable to handle page fault for address: ffffeb3ff1200000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI Tainted: [W]=WARN RIP: 0010:vmemmap_set_pmd+0xff/0x230 <TASK> vmemmap_populate_hugepages+0x176/0x180 vmemmap_populate+0x34/0x80 __populate_section_memmap+0x41/0x90 sparse_add_section+0x121/0x3e0 __add_pages+0xba/0x150 add_pages+0x1d/0x70 memremap_pages+0x3dc/0x810 devm_memremap_pages+0x1c/0x60 xe_devm_add+0x8b/0x100 [xe] xe_tile_init_noalloc+0x6a/0x70 [xe] xe_device_probe+0x48c/0x740 [xe] [… snip …]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8d400913c231bd1da74067255816453f96cd35b0 < 744ff519c72de31344a627eaf9b24e9595aae554affected
LinuxLinux8d400913c231bd1da74067255816453f96cd35b0 < 5f761d40ee95d2624f839c90ebeef2d5c55007f5affected
LinuxLinux8d400913c231bd1da74067255816453f96cd35b0 < 26ff568f390a531d1bd792e49f1a401849921960affected
LinuxLinux8d400913c231bd1da74067255816453f96cd35b0 < b7f4051dd3388edd30e9a6077c05c486aa31e0d4affected
LinuxLinux8d400913c231bd1da74067255816453f96cd35b0 < 6bf9473727569e8283c1e2445c7ac42cf4fc9fa9affected
LinuxLinux8d400913c231bd1da74067255816453f96cd35b0 < 6659d027998083fbb6d42a165b0c90dc2e8ba989affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.192 <= 5.15.*unaffected
LinuxLinux6.1.151 <= 6.1.*unaffected
LinuxLinux6.6.105 <= 6.6.*unaffected
LinuxLinux6.12.46 <= 6.12.*unaffected
LinuxLinux6.16.6 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References