CVE-2025-40199

EPSS 0.02%
Veröffentlicht 12.11.2025 21:56:33
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches

In the Linux kernel, the following vulnerability has been resolved:

page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches

Helge reported that the introduction of PP_MAGIC_MASK let to crashes on
boot on his 32-bit parisc machine. The cause of this is the mask is set
too wide, so the page_pool_page_is_pp() incurs false positives which
crashes the machine.

Just disabling the check in page_pool_is_pp() will lead to the page_pool
code itself malfunctioning; so instead of doing this, this patch changes
the define for PP_DMA_INDEX_BITS to avoid mistaking arbitrary kernel
pointers for page_pool-tagged pages.

The fix relies on the kernel pointers that alias with the pp_magic field
always being above PAGE_OFFSET. With this assumption, we can use the
lowest bit of the value of PAGE_OFFSET as the upper bound of the
PP_DMA_INDEX_MASK, which should avoid the false positives.

Because we cannot rely on PAGE_OFFSET always being a compile-time
constant, nor on it always being >0, we fall back to disabling the
dma_index storage when there are not enough bits available. This leaves
us in the situation we were in before the patch in the Fixes tag, but
only on a subset of architecture configurations. This seems to be the
best we can do until the transition to page types in complete for
page_pool pages.

v2:
- Make sure there's at least 8 bits available and that the PAGE_OFFSET
  bit calculation doesn't wrap

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 4f51fb0d257ff4d406ec27966902de075e3b118e

Version < 15b8a5b4cdc16e9a8bb2a548e12a0fd92997605a

Status affected

Version ee62ce7a1d909ccba0399680a03c2dee83bcae95

Version < f62934cea32c8f7b11b747975d69bf5afe4264cf

Status affected

Version ee62ce7a1d909ccba0399680a03c2dee83bcae95

Version < 95920c2ed02bde551ab654e9749c2ca7bc3100e0

Status affected

Version c30ae60f41f9edd6e1b5cad41cf28ce04dae39e4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.16

Status affected

Version 0

Version < 6.16

Status unaffected

Version <= 6.12.*

Version 6.12.54

Status unaffected

Version <= 6.17.*

Version 6.17.4

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/15b8a5b4cdc16e9a8bb2a548e12a0fd92997605a

https://git.kernel.org/stable/c/f62934cea32c8f7b11b747975d69bf5afe4264cf

https://git.kernel.org/stable/c/95920c2ed02bde551ab654e9749c2ca7bc3100e0

https://nvd.nist.gov/vuln/detail/CVE-2025-40199

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40199

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40199

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40199