CVE-2025-40174

Summary

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Fix SMP ordering in switch_mm_irqs_off()

Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail to flush the TLBs.

[ dhansen: merge conflict fixed by Ingo ]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux209954cbc7d0ce1a190fc725d20ce303d74d2680 < 0fe5e3f5fb75c5d88dad24dece3ee75e9d87adebaffected
LinuxLinux209954cbc7d0ce1a190fc725d20ce303d74d2680 < 83b0177a6c4889b3a6e865da5e21b2c9d97d0551affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.17.5 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References