CVE-2025-68293

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: fix NULL pointer deference when splitting folio

Commit c010d47f107f ("mm: thp: split huge page to any lower order pages") introduced an early check on the folio's order via mapping->flags before proceeding with the split work.

This check introduced a bug: for shmem folios in the swap cache and truncated folios, the mapping pointer can be NULL. Accessing mapping->flags in this state leads directly to a NULL pointer dereference.

This commit fixes the issue by moving the check for mapping != NULL before any attempt to access mapping->flags.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc010d47f107f609b9f4d6a103b6dfc53889049e9 < 592db83615a9f0164472ec789c2ed34ad35f732faffected
LinuxLinuxc010d47f107f609b9f4d6a103b6dfc53889049e9 < d1b83fbacd4397a1d2f8c6b13427a8636ae2b307affected
LinuxLinuxc010d47f107f609b9f4d6a103b6dfc53889049e9 < cff47b9e39a6abf03dde5f4f156f841b0c54bba0affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.61 <= 6.12.*unaffected
LinuxLinux6.17.11 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References