| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120452-CVE-2025-40218-d4dc@gregkh> Date: Thu, 4 Dec 2025 15:50:52 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40218: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. This is for reading and writing page table accessed bits. If pte_offset_map_lock() fails, it retries by returning the page table walk callback function with ACTION_AGAIN. pte_offset_map_lock() can continuously fail if the target is a pmd migration entry, though. Hence it could cause an infinite page table walk if the migration cannot be done until the page table walk is finished. This indeed caused a soft lockup when CPU hotplugging and DAMON were running in parallel. Avoid the infinite loop by simply not retrying the page table walk. DAMON is promising only a best-effort accuracy, so missing access to such pages is no problem. The Linux kernel CVE team has assigned CVE-2025-40218 to this issue. Affected and fixed versions =========================== Issue introduced in 6.5 with commit 7780d04046a2288ab85d88bedacc60fa4fad9971 and fixed in 6.6.113 with commit 677ebfe5d00f94adec0c0204f6e6e2a82d3f77bf Issue introduced in 6.5 with commit 7780d04046a2288ab85d88bedacc60fa4fad9971 and fixed in 6.12.54 with commit ac42320ec873bfe726141069cfdd90ee5bc4e885 Issue introduced in 6.5 with commit 7780d04046a2288ab85d88bedacc60fa4fad9971 and fixed in 6.17.4 with commit 0ccd91cf749536d41307a07e60ec14ab0dbf21f5 Issue introduced in 6.5 with commit 7780d04046a2288ab85d88bedacc60fa4fad9971 and fixed in 6.18 with commit b93af2cc8e036754c0d9970d9ddc47f43cc94b9f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40218 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: mm/damon/vaddr.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/677ebfe5d00f94adec0c0204f6e6e2a82d3f77bf https://git.kernel.org/stable/c/ac42320ec873bfe726141069cfdd90ee5bc4e885 https://git.kernel.org/stable/c/0ccd91cf749536d41307a07e60ec14ab0dbf21f5 https://git.kernel.org/stable/c/b93af2cc8e036754c0d9970d9ddc47f43cc94b9f
Powered by blists - more mailing lists