CVE-2025-39845
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
19/09/2025
Última modificación:
19/09/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()<br />
<br />
Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure<br />
page tables are properly synchronized when calling p*d_populate_kernel().<br />
<br />
For 5-level paging, synchronization is performed via<br />
pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so<br />
synchronization is instead performed at the P4D level via<br />
p4d_populate_kernel().<br />
<br />
This fixes intermittent boot failures on systems using 4-level paging and<br />
a large amount of persistent memory:<br />
<br />
BUG: unable to handle page fault for address: ffffe70000000034<br />
#PF: supervisor write access in kernel mode<br />
#PF: error_code(0x0002) - not-present page<br />
PGD 0 P4D 0<br />
Oops: 0002 [#1] SMP NOPTI<br />
RIP: 0010:__init_single_page+0x9/0x6d<br />
Call Trace:<br />
<br />
__init_zone_device_page+0x17/0x5d<br />
memmap_init_zone_device+0x154/0x1bb<br />
pagemap_range+0x2e0/0x40f<br />
memremap_pages+0x10b/0x2f0<br />
devm_memremap_pages+0x1e/0x60<br />
dev_dax_probe+0xce/0x2ec [device_dax]<br />
dax_bus_probe+0x6d/0xc9<br />
[... snip ...]<br />
<br />
<br />
It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap<br />
before sync_global_pgds() [1]:<br />
<br />
BUG: unable to handle page fault for address: ffffeb3ff1200000<br />
#PF: supervisor write access in kernel mode<br />
#PF: error_code(0x0002) - not-present page<br />
PGD 0 P4D 0<br />
Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI<br />
Tainted: [W]=WARN<br />
RIP: 0010:vmemmap_set_pmd+0xff/0x230<br />
<br />
vmemmap_populate_hugepages+0x176/0x180<br />
vmemmap_populate+0x34/0x80<br />
__populate_section_memmap+0x41/0x90<br />
sparse_add_section+0x121/0x3e0<br />
__add_pages+0xba/0x150<br />
add_pages+0x1d/0x70<br />
memremap_pages+0x3dc/0x810<br />
devm_memremap_pages+0x1c/0x60<br />
xe_devm_add+0x8b/0x100 [xe]<br />
xe_tile_init_noalloc+0x6a/0x70 [xe]<br />
xe_device_probe+0x48c/0x740 [xe]<br />
[... snip ...]
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/26ff568f390a531d1bd792e49f1a401849921960
- https://git.kernel.org/stable/c/5f761d40ee95d2624f839c90ebeef2d5c55007f5
- https://git.kernel.org/stable/c/6659d027998083fbb6d42a165b0c90dc2e8ba989
- https://git.kernel.org/stable/c/6bf9473727569e8283c1e2445c7ac42cf4fc9fa9
- https://git.kernel.org/stable/c/744ff519c72de31344a627eaf9b24e9595aae554
- https://git.kernel.org/stable/c/b7f4051dd3388edd30e9a6077c05c486aa31e0d4