CVE-2025-40199

EPSS 0.02%
Veröffentlicht 12.11.2025 21:56:33
Zuletzt bearbeitet 14.11.2025 16:42:30
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches

Helge reported that the introduction of PP_MAGIC_MASK let to crashes on
boot on his 32-bit parisc machine. The cause of this is the mask is set
too wide, so the page_pool_page_is_pp() incurs false positives which
crashes the machine.

Just disabling the check in page_pool_is_pp() will lead to the page_pool
code itself malfunctioning; so instead of doing this, this patch changes
the define for PP_DMA_INDEX_BITS to avoid mistaking arbitrary kernel
pointers for page_pool-tagged pages.

The fix relies on the kernel pointers that alias with the pp_magic field
always being above PAGE_OFFSET. With this assumption, we can use the
lowest bit of the value of PAGE_OFFSET as the upper bound of the
PP_DMA_INDEX_MASK, which should avoid the false positives.

Because we cannot rely on PAGE_OFFSET always being a compile-time
constant, nor on it always being >0, we fall back to disabling the
dma_index storage when there are not enough bits available. This leaves
us in the situation we were in before the patch in the Fixes tag, but
only on a subset of architecture configurations. This seems to be the
best we can do until the transition to page types in complete for
page_pool pages.

v2:
- Make sure there's at least 8 bits available and that the PAGE_OFFSET
  bit calculation doesn't wrap

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 15b8a5b4cdc16e9a8bb2a548e12a0fd92997605a

Version 4f51fb0d257ff4d406ec27966902de075e3b118e

Status affected

Version < f62934cea32c8f7b11b747975d69bf5afe4264cf

Version ee62ce7a1d909ccba0399680a03c2dee83bcae95

Status affected

Version < 95920c2ed02bde551ab654e9749c2ca7bc3100e0

Version ee62ce7a1d909ccba0399680a03c2dee83bcae95

Status affected

Version c30ae60f41f9edd6e1b5cad41cf28ce04dae39e4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.16

Status affected

Version < 6.16

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.54

Status unaffected

Version <= 6.17.*

Version 6.17.4

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/15b8a5b4cdc16e9a8bb2a548e12a0fd92997605a

https://git.kernel.org/stable/c/f62934cea32c8f7b11b747975d69bf5afe4264cf

https://git.kernel.org/stable/c/95920c2ed02bde551ab654e9749c2ca7bc3100e0

https://nvd.nist.gov/vuln/detail/CVE-2025-40199

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40199

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40199

EUVD