CVE-2025-39845
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_populate_kernel().
For 5-level paging, synchronization is performed via pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so synchronization is instead performed at the P4D level via p4d_populate_kernel().
This fixes intermittent boot failures on systems using 4-level paging and a large amount of persistent memory:
BUG: unable to handle page fault for address: ffffe70000000034 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI RIP: 0010:__init_single_page+0x9/0x6d Call Trace: <TASK> __init_zone_device_page+0x17/0x5d memmap_init_zone_device+0x154/0x1bb pagemap_range+0x2e0/0x40f memremap_pages+0x10b/0x2f0 devm_memremap_pages+0x1e/0x60 dev_dax_probe+0xce/0x2ec [device_dax] dax_bus_probe+0x6d/0xc9 [… snip …] </TASK>
It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]:
BUG: unable to handle page fault for address: ffffeb3ff1200000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI Tainted: [W]=WARN RIP: 0010:vmemmap_set_pmd+0xff/0x230 <TASK> vmemmap_populate_hugepages+0x176/0x180 vmemmap_populate+0x34/0x80 __populate_section_memmap+0x41/0x90 sparse_add_section+0x121/0x3e0 __add_pages+0xba/0x150 add_pages+0x1d/0x70 memremap_pages+0x3dc/0x810 devm_memremap_pages+0x1c/0x60 xe_devm_add+0x8b/0x100 [xe] xe_tile_init_noalloc+0x6a/0x70 [xe] xe_device_probe+0x48c/0x740 [xe] [… snip …]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8d400913c231bd1da74067255816453f96cd35b0 < 744ff519c72de31344a627eaf9b24e9595aae554 | affected |
| Linux | Linux | 8d400913c231bd1da74067255816453f96cd35b0 < 5f761d40ee95d2624f839c90ebeef2d5c55007f5 | affected |
| Linux | Linux | 8d400913c231bd1da74067255816453f96cd35b0 < 26ff568f390a531d1bd792e49f1a401849921960 | affected |
| Linux | Linux | 8d400913c231bd1da74067255816453f96cd35b0 < b7f4051dd3388edd30e9a6077c05c486aa31e0d4 | affected |
| Linux | Linux | 8d400913c231bd1da74067255816453f96cd35b0 < 6bf9473727569e8283c1e2445c7ac42cf4fc9fa9 | affected |
| Linux | Linux | 8d400913c231bd1da74067255816453f96cd35b0 < 6659d027998083fbb6d42a165b0c90dc2e8ba989 | affected |
| Linux | Linux | 5.13 | affected |
| Linux | Linux | 0 < 5.13 | unaffected |
| Linux | Linux | 5.15.192 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.151 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.105 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.46 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.6 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
Additional References
References
- https://git.kernel.org/stable/c/744ff519c72de31344a627eaf9b24e9595aae554
- https://git.kernel.org/stable/c/5f761d40ee95d2624f839c90ebeef2d5c55007f5
- https://git.kernel.org/stable/c/26ff568f390a531d1bd792e49f1a401849921960
- https://git.kernel.org/stable/c/b7f4051dd3388edd30e9a6077c05c486aa31e0d4
- https://git.kernel.org/stable/c/6bf9473727569e8283c1e2445c7ac42cf4fc9fa9
- https://git.kernel.org/stable/c/6659d027998083fbb6d42a165b0c90dc2e8ba989
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.