CVE-2025-22045

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs<br /> <br /> On the following path, flush_tlb_range() can be used for zapping normal<br /> PMD entries (PMD entries that point to page tables) together with the PTE<br /> entries in the pointed-to page table:<br /> <br /> collapse_pte_mapped_thp<br /> pmdp_collapse_flush<br /> flush_tlb_range<br /> <br /> The arm64 version of flush_tlb_range() has a comment describing that it can<br /> be used for page table removal, and does not use any last-level<br /> invalidation optimizations. Fix the X86 version by making it behave the<br /> same way.<br /> <br /> Currently, X86 only uses this information for the following two purposes,<br /> which I think means the issue doesn&amp;#39;t have much impact:<br /> <br /> - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be<br /> IPI&amp;#39;d to avoid issues with speculative page table walks.<br /> - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.<br /> <br /> The patch "x86/mm: only invalidate final translations with INVLPGB" which<br /> is currently under review (see<br /> )<br /> would probably be making the impact of this a lot worse.