CVE-2025-40311
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
When IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return addresses from the vmalloc range. If such an address is mapped without VM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the VM_PFNMAP restriction.
Fix this by checking for vmalloc addresses and setting VM_MIXEDMAP in the VMA before mapping. This ensures safe mapping and avoids kernel crashes. The memory is still driver-allocated and cannot be accessed directly by userspace.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < 7ec8ac9f73d4a9438c2186768d6de27ace37531e | affected |
| Linux | Linux | ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < d1dfe21a332d38a6a09658ec29a55940afb5fe36 | affected |
| Linux | Linux | ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < 73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9 | affected |
| Linux | Linux | ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 < 513024d5a0e34fd34247043f1876b6138ca52847 | affected |
| Linux | Linux | 5.8 | affected |
| Linux | Linux | 0 < 5.8 | unaffected |
| Linux | Linux | 6.6.117 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.58 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.8 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/7ec8ac9f73d4a9438c2186768d6de27ace37531e
- https://git.kernel.org/stable/c/d1dfe21a332d38a6a09658ec29a55940afb5fe36
- https://git.kernel.org/stable/c/73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9
- https://git.kernel.org/stable/c/513024d5a0e34fd34247043f1876b6138ca52847
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.