Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2025-40270

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
06/12/2025
Last modified:
06/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm, swap: fix potential UAF issue for VMA readahead

Since commit 78524b05f1a3 ("mm, swap: avoid redundant swap device pinning"), the common helper for allocating and preparing a folio in the swap cache layer no longer tries to get a swap device reference internally, because all callers of __read_swap_cache_async are already holding a swap entry reference. The repeated swap device pinning isn't needed on the same swap device.

Caller of VMA readahead is also holding a reference to the target entry's swap device, but VMA readahead walks the page table, so it might encounter swap entries from other devices, and call __read_swap_cache_async on another device without holding a reference to it.

So it is possible to cause a UAF when swapoff of device A raced with swapin on device B, and VMA readahead tries to read swap entries from device A. It's not easy to trigger, but in theory, it could cause real issues.

Make VMA readahead try to get the device reference first if the swap device is a different one from the target entry.
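
The pin-or-skip rule described above, as an added user-space C model (not the kernel patch and not code from this advisory). Every name in it (`dev_tryget`, `vma_readahead`, `run_sample` and the structs) is hypothetical, and the three devices and five entries are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: every name below is hypothetical, not a kernel API. */
struct swap_dev { int users; bool live; };  /* live == false: swapoff has begun */
struct swap_ent { int dev; };               /* index of the device holding the entry */

/* Pin a device; fails once swapoff has started tearing it down. */
static bool dev_tryget(struct swap_dev *d)
{
    if (!d->live) return false;
    d->users++;
    return true;
}
static void dev_put(struct swap_dev *d) { d->users--; }

/* Walk neighbouring entries as VMA readahead does. The caller already holds
 * a reference on devs[target]. With pin_other set, an entry on any other
 * device is read only after that device is pinned, otherwise it is skipped.
 * Returns the number of reads made on a device nobody holds a reference to. */
int vma_readahead(struct swap_dev *devs, const struct swap_ent *ents, size_t n,
                  int target, bool pin_other, int *skipped)
{
    int unpinned = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        struct swap_dev *d = &devs[ents[i].dev], *pinned = NULL;
        if (pin_other && ents[i].dev != target) {
            if (!dev_tryget(d)) { (*skipped)++; continue; }
            pinned = d;
        }
        unpinned += (d->users == 0);  /* stand-in for the swap-cache read */
        if (pinned) dev_put(pinned);
    }
    return unpinned;
}

/* Constructed sample: A is mid-swapoff, B is the pinned target, C is idle. */
int run_sample(bool pin_other, int *skipped)
{
    struct swap_dev devs[3] = { {0, false}, {1, true}, {0, true} };
    const struct swap_ent ents[5] = { {1}, {0}, {1}, {2}, {0} };
    return vma_readahead(devs, ents, 5, 1, pin_other, skipped);
}

int main(void)
{
    int s;
    printf("no pinning: %d unpinned reads\n", run_sample(false, &s));
    printf("pin first:  %d unpinned reads, %d skipped\n", run_sample(true, &s), s);
    return 0;
}
```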

Impact