CVE-2025-40336

EPSS 0.02%
Veröffentlicht 09.12.2025 04:09:52
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

drm/gpusvm: fix hmm_pfn_to_map_order() usage

In the Linux kernel, the following vulnerability has been resolved:

drm/gpusvm: fix hmm_pfn_to_map_order() usage

Handle the case where the hmm range partially covers a huge page (like
2M), otherwise we can potentially end up doing something nasty like
mapping memory which is outside the range, and maybe not even mapped by
the mm. Fix is based on the xe userptr code, which in a future patch
will directly use gpusvm, so needs alignment here.

v2:
  - Add kernel-doc (Matt B)
  - s/fls/ilog2/ (Thomas)

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 99624bdff8670795b678eafa6509aaad3a5c0175

Version < 08e9fd78ba1b9e95141181c69cc51795c9888157

Status affected

Version 99624bdff8670795b678eafa6509aaad3a5c0175

Version < c50729c68aaf93611c855752b00e49ce1fdd1558

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.15

Status affected

Version 0

Version < 6.15

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/08e9fd78ba1b9e95141181c69cc51795c9888157

https://git.kernel.org/stable/c/c50729c68aaf93611c855752b00e49ce1fdd1558

https://nvd.nist.gov/vuln/detail/CVE-2025-40336

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40336

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40336

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40336