CVE-2025-39725

EPSS 0.02%
Published 05.09.2025 17:27:18
Last modified 08.09.2025 16:25:38
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list

In shrink_folio_list(), the hwpoisoned folio may be large folio, which
can't be handled by unmap_poisoned_folio().  For THP, try_to_unmap_one()
must be passed with TTU_SPLIT_HUGE_PMD to split huge PMD first and then
retry.  Without TTU_SPLIT_HUGE_PMD, we will trigger null-ptr deref of
pvmw.pte.  Even we passed TTU_SPLIT_HUGE_PMD, we will trigger a
WARN_ON_ONCE due to the page isn't in swapcache.

Since UCE is rare in real world, and race with reclaimation is more rare,
just skipping the hwpoisoned large folio is enough.  memory_failure() will
handle it if the UCE is triggered again.

This happens when memory reclaim for large folio races with
memory_failure(), and will lead to kernel panic.  The race is as
follows:

cpu0      cpu1
 shrink_folio_list memory_failure
  TestSetPageHWPoison
  unmap_poisoned_folio
  --> trigger BUG_ON due to
  unmap_poisoned_folio couldn't
   handle large folio

[tujinjiang@huawei.com: add comment to unmap_poisoned_folio()]

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 656eaddbc952e1baae2f69281c22debe22140312

Version 1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0

Status affected

Version < c1101113d45838a823188ae25c61af97552a28ae

Version 1b0449544c6482179ac84530b61fc192a6527bfd

Status affected

Version < 9f1e8cd0b7c4c944e9921b52a6661b5eda2705ab

Version 1b0449544c6482179ac84530b61fc192a6527bfd

Status affected

Version 912e9f0300c3564b72a8808db406e313193a37ad

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.15

Status affected

Version < 6.15

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.41

Status unaffected

Version <= 6.15.*

Version 6.15.9

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/656eaddbc952e1baae2f69281c22debe22140312

https://git.kernel.org/stable/c/c1101113d45838a823188ae25c61af97552a28ae

https://git.kernel.org/stable/c/9f1e8cd0b7c4c944e9921b52a6661b5eda2705ab

https://nvd.nist.gov/vuln/detail/CVE-2025-39725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39725

EUVD