CVE-2025-39899

EPSS 0.02%
Published 01.10.2025 08:15:32
Last modified 02.10.2025 19:12:17
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE

With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using
kmap_local_page(), which requires unmapping in Last-In-First-Out order.

The current code maps dst_pte first, then src_pte, but unmaps them in the
same order (dst_pte, src_pte), violating the LIFO requirement.  This
causes the warning in kunmap_local_indexed():

  WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c
  addr \!= __fix_to_virt(FIX_KMAP_BEGIN + idx)

Fix this by reversing the unmap order to respect LIFO ordering.

This issue follows the same pattern as similar fixes:
- commit eca6828403b8 ("crypto: skcipher - fix mismatch between mapping and unmapping order")
- commit 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename")

Both of which addressed the same fundamental requirement that kmap_local
operations must follow LIFO ordering.

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < b051f707018967ea8f697d790a1ed8c443f63812

Version adef440691bab824e39c1b17382322d195e1fab0

Status affected

Version < bd1ee62759d0bd4d6b909731c076c230ac89d61e

Version adef440691bab824e39c1b17382322d195e1fab0

Status affected

Version < 9614d8bee66387501f48718fa306e17f2aa3f2f3

Version adef440691bab824e39c1b17382322d195e1fab0

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.8

Status affected

Version < 6.8

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.46

Status unaffected

Version <= 6.16.*

Version 6.16.6

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/9614d8bee66387501f48718fa306e17f2aa3f2f3

https://git.kernel.org/stable/c/b051f707018967ea8f697d790a1ed8c443f63812

https://git.kernel.org/stable/c/bd1ee62759d0bd4d6b909731c076c230ac89d61e

https://nvd.nist.gov/vuln/detail/CVE-2025-39899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39899

EUVD