CVE-2025-40311

Summary

In the Linux kernel, the following vulnerability has been resolved:

accel/habanalabs: support mapping cb with vmalloc-backed coherent memory

When IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return addresses from the vmalloc range. If such an address is mapped without VM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the VM_PFNMAP restriction.

Fix this by checking for vmalloc addresses and setting VM_MIXEDMAP in the VMA before mapping. This ensures safe mapping and avoids kernel crashes. The memory is still driver-allocated and cannot be accessed directly by userspace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < 7ec8ac9f73d4a9438c2186768d6de27ace37531eaffected
LinuxLinuxac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < d1dfe21a332d38a6a09658ec29a55940afb5fe36affected
LinuxLinuxac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < 73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9affected
LinuxLinuxac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < 513024d5a0e34fd34247043f1876b6138ca52847affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux6.6.117 <= 6.6.*unaffected
LinuxLinux6.12.58 <= 6.12.*unaffected
LinuxLinux6.17.8 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References