5.5
CVE-2025-22015
- EPSS 0.02%
- Veröffentlicht 08.04.2025 08:18:05
- Zuletzt bearbeitet 03.11.2025 20:17:37
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.1.71 < 6.1.132
Linux ≫ Linux Kernel Version >= 6.6.10 < 6.6.85
Linux ≫ Linux Kernel Version >= 6.7.1 < 6.12.21
Linux ≫ Linux Kernel Version >= 6.13 < 6.13.9
Linux ≫ Linux Kernel Version6.7 Update-
Linux ≫ Linux Kernel Version6.7 Updaterc8
Linux ≫ Linux Kernel Version6.14 Updaterc1
Linux ≫ Linux Kernel Version6.14 Updaterc2
Linux ≫ Linux Kernel Version6.14 Updaterc3
Linux ≫ Linux Kernel Version6.14 Updaterc4
Linux ≫ Linux Kernel Version6.14 Updaterc5
Linux ≫ Linux Kernel Version6.14 Updaterc6
Linux ≫ Linux Kernel Version6.14 Updaterc7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.049 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.