CVE-2025-37818

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> LoongArch: Return NULL from huge_pte_offset() for invalid PMD<br /> <br /> LoongArch&amp;#39;s huge_pte_offset() currently returns a pointer to a PMD slot<br /> even if the underlying entry points to invalid_pte_table (indicating no<br /> mapping). Callers like smaps_hugetlb_range() fetch this invalid entry<br /> value (the address of invalid_pte_table) via this pointer.<br /> <br /> The generic is_swap_pte() check then incorrectly identifies this address<br /> as a swap entry on LoongArch, because it satisfies the "!pte_present()<br /> &amp;&amp; !pte_none()" conditions. This misinterpretation, combined with a<br /> coincidental match by is_migration_entry() on the address bits, leads to<br /> kernel crashes in pfn_swap_entry_to_page().<br /> <br /> Fix this at the architecture level by modifying huge_pte_offset() to<br /> check the PMD entry&amp;#39;s content using pmd_none() before returning. If the<br /> entry is invalid (i.e., it points to invalid_pte_table), return NULL<br /> instead of the pointer to the slot.