5.5

CVE-2025-22045

EPSS 0.1%
Veröffentlicht 16.04.2025 14:12:05
Zuletzt bearbeitet 03.11.2025 20:17:39
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs

On the following path, flush_tlb_range() can be used for zapping normal
PMD entries (PMD entries that point to page tables) together with the PTE
entries in the pointed-to page table:

    collapse_pte_mapped_thp
      pmdp_collapse_flush
        flush_tlb_range

The arm64 version of flush_tlb_range() has a comment describing that it can
be used for page table removal, and does not use any last-level
invalidation optimizations. Fix the X86 version by making it behave the
same way.

Currently, X86 only uses this information for the following two purposes,
which I think means the issue doesn't have much impact:

 - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be
   IPI'd to avoid issues with speculative page table walks.
 - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.

The patch "x86/mm: only invalidate final translations with INVLPGB" which
is currently under review (see
<https://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/>)
would probably be making the impact of this a lot worse.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

NVD 8 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.292

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.236

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.180

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.134

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.87

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.23

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.11

Linux ≫ Linux Kernel Version >= 6.14 < 6.14.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.283

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/618d5612ecb7bfc1c85342daafeb2b47e29e77a3

Patch

https://git.kernel.org/stable/c/556d446068f90981e5d71ca686bdaccdd545d491

Patch

https://git.kernel.org/stable/c/0a8f806ea6b5dd64b3d1f05ff774817d5f7ddbd1

Patch

https://git.kernel.org/stable/c/0708fd6bd8161871bfbadced2ca4319b84ab44fe

Patch

https://git.kernel.org/stable/c/7085895c59e4057ffae17f58990ccb630087d0d2

Patch

https://git.kernel.org/stable/c/93224deb50a8d20df3884f3672ce9f982129aa50

Patch

https://git.kernel.org/stable/c/320ac1af4c0bdb92c864dc9250d1329234820edf

Patch

https://git.kernel.org/stable/c/78d6f9a9eb2a5da6fcbd76d6191d24b0dcc321be

Patch

https://git.kernel.org/stable/c/3ef938c3503563bfc2ac15083557f880d29c2e64

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

https://nvd.nist.gov/vuln/detail/CVE-2025-22045

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-22045

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-22045

EUVD