CVE-2025-40174
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix SMP ordering in switch_mm_irqs_off()
Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail to flush the TLBs.
[ dhansen: merge conflict fixed by Ingo ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 209954cbc7d0ce1a190fc725d20ce303d74d2680 < 0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb | affected |
| Linux | Linux | 209954cbc7d0ce1a190fc725d20ce303d74d2680 < 83b0177a6c4889b3a6e865da5e21b2c9d97d0551 | affected |
| Linux | Linux | 6.14 | affected |
| Linux | Linux | 0 < 6.14 | unaffected |
| Linux | Linux | 6.17.5 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb
- https://git.kernel.org/stable/c/83b0177a6c4889b3a6e865da5e21b2c9d97d0551
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.