GHSA-349M-QG9R-C9HF

Vulnerability from github – Published: 2025-12-04 15:30 – Updated: 2025-12-04 15:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/vaddr: do not repeat pte_offset_map_lock() until success

DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. This is for reading and writing page table accessed bits. If pte_offset_map_lock() fails, it retries by returning the page table walk callback function with ACTION_AGAIN.

pte_offset_map_lock() can continuously fail if the target is a pmd migration entry, though. Hence it could cause an infinite page table walk if the migration cannot be done until the page table walk is finished. This indeed caused a soft lockup when CPU hotplugging and DAMON were running in parallel.

Avoid the infinite loop by simply not retrying the page table walk. DAMON is promising only a best-effort accuracy, so missing access to such pages is no problem.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-40218"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-04T15:15:57Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/vaddr: do not repeat pte_offset_map_lock() until success\n\nDAMON\u0027s virtual address space operation set implementation (vaddr) calls\npte_offset_map_lock() inside the page table walk callback function.  This\nis for reading and writing page table accessed bits.  If\npte_offset_map_lock() fails, it retries by returning the page table walk\ncallback function with ACTION_AGAIN.\n\npte_offset_map_lock() can continuously fail if the target is a pmd\nmigration entry, though.  Hence it could cause an infinite page table walk\nif the migration cannot be done until the page table walk is finished. \nThis indeed caused a soft lockup when CPU hotplugging and DAMON were\nrunning in parallel.\n\nAvoid the infinite loop by simply not retrying the page table walk.  DAMON\nis promising only a best-effort accuracy, so missing access to such pages\nis no problem.",
  "id": "GHSA-349m-qg9r-c9hf",
  "modified": "2025-12-04T15:30:33Z",
  "published": "2025-12-04T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40218"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ccd91cf749536d41307a07e60ec14ab0dbf21f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/677ebfe5d00f94adec0c0204f6e6e2a82d3f77bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac42320ec873bfe726141069cfdd90ee5bc4e885"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b93af2cc8e036754c0d9970d9ddc47f43cc94b9f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.