CVE-2025-68293
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: fix NULL pointer deference when splitting folio
Commit c010d47f107f ("mm: thp: split huge page to any lower order pages") introduced an early check on the folio's order via mapping->flags before proceeding with the split work.
This check introduced a bug: for shmem folios in the swap cache and truncated folios, the mapping pointer can be NULL. Accessing mapping->flags in this state leads directly to a NULL pointer dereference.
This commit fixes the issue by moving the check for mapping != NULL before any attempt to access mapping->flags.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c010d47f107f609b9f4d6a103b6dfc53889049e9 < 592db83615a9f0164472ec789c2ed34ad35f732f | affected |
| Linux | Linux | c010d47f107f609b9f4d6a103b6dfc53889049e9 < d1b83fbacd4397a1d2f8c6b13427a8636ae2b307 | affected |
| Linux | Linux | c010d47f107f609b9f4d6a103b6dfc53889049e9 < cff47b9e39a6abf03dde5f4f156f841b0c54bba0 | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.12.61 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.11 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/592db83615a9f0164472ec789c2ed34ad35f732f
- https://git.kernel.org/stable/c/d1b83fbacd4397a1d2f8c6b13427a8636ae2b307
- https://git.kernel.org/stable/c/cff47b9e39a6abf03dde5f4f156f841b0c54bba0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.