5.5
CVE-2025-68211
- EPSS 0.12%
- Veröffentlicht 16.12.2025 13:48:37
- Zuletzt bearbeitet 26.02.2026 15:52:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
In the Linux kernel, the following vulnerability has been resolved:
ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
Currently, scan_get_next_rmap_item() walks every page address in a VMA to
locate mergeable pages. This becomes highly inefficient when scanning
large virtual memory areas that contain mostly unmapped regions, causing
ksmd to use large amount of cpu without deduplicating much pages.
This patch replaces the per-address lookup with a range walk using
walk_page_range(). The range walker allows KSM to skip over entire
unmapped holes in a VMA, avoiding unnecessary lookups. This problem was
previously discussed in [1].
Consider the following test program which creates a 32 TiB mapping in the
virtual address space but only populates a single page:
#include <unistd.h>
#include <stdio.h>
#include <sys/mman.h>
/* 32 TiB */
const size_t size = 32ul * 1024 * 1024 * 1024 * 1024;
int main() {
char *area = mmap(NULL, size, PROT_READ | PROT_WRITE,
MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1, 0);
if (area == MAP_FAILED) {
perror("mmap() failed\n");
return -1;
}
/* Populate a single page such that we get an anon_vma. */
*area = 0;
/* Enable KSM. */
madvise(area, size, MADV_MERGEABLE);
pause();
return 0;
}
$ ./ksm-sparse &
$ echo 1 > /sys/kernel/mm/ksm/run
Without this patch ksmd uses 100% of the cpu for a long time (more then 1
hour in my test machine) scanning all the 32 TiB virtual address space
that contain only one mapped page. This makes ksmd essentially deadlocked
not able to deduplicate anything of value. With this patch ksmd walks
only the one mapped page and skips the rest of the 32 TiB virtual address
space, making the scan fast using little cpu.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.32 < 5.10.249
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.199
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.161
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.121
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.59
Linux ≫ Linux Kernel Version >= 6.13 < 6.17.9
Linux ≫ Linux Kernel Version6.18 Updaterc1
Linux ≫ Linux Kernel Version6.18 Updaterc2
Linux ≫ Linux Kernel Version6.18 Updaterc3
Linux ≫ Linux Kernel Version6.18 Updaterc4
Linux ≫ Linux Kernel Version6.18 Updaterc5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/74f78421c925b6d17695566f0c5941de57fd44b3
https://git.kernel.org/stable/c/f62973e0767e4fcd6799087787fca08ca2a85b8c
https://git.kernel.org/stable/c/f5548c318d6520d4fa3c5ed6003eeb710763cbc5
https://git.kernel.org/stable/c/67137b715b7db28d82e4ed07a7092c2fa6ba7adb
https://git.kernel.org/stable/c/9c2f8a9b68024e5ebb4813665845ec0a95f2eac3
https://git.kernel.org/stable/c/10644e8839544dd5699c03c8fb1aeeefc41602fd
https://git.kernel.org/stable/c/220cb3e425e17587f560335924cba9f16a842c64