VDB

CVE-2025-39910

CVE-2025-39910 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() kasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and always allocate memory using the hardcoded GFP_KERNEL flag. This makes them inconsistent with vmalloc(), which was recently extended to support GFP_NOFS and GFP_NOIO allocations. Page table allocations performed during shadow population also ignore the external gfp_mask. To preserve the intended semantics of GFP_NOFS and GFP_NOIO, wrap the apply_to_page_range() calls into the appropriate memalloc scope. xfs calls vmalloc with GFP_NOFS, so this bug could lead to deadlock. There was a report here https://lkml.kernel.org/r/686ea951.050a0220.385921.0016.GAE@google.com This patch: - Extends kasan_populate_vmalloc() and helpers to take gfp_mask; - Passes gfp_mask down to alloc_pages_bulk() and __get_free_page(); - Enforces GFP_NOFS/NOIO semantics with memalloc_*_save()/restore() around apply_to_page_range(); - Updates vmalloc.c and percpu allocator call sites accordingly.

EPSS 0.02% · 3.5th percentile

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.02%
3.5th percentile

Affected Products

VendorProductVersions
LinuxLinux451769ebb7e792c3404db53b3c2a422990de654e, 451769ebb7e792c3404db53b3c2a422990de654e, 5.17
linuxlinux_kernel6.17, 5.17, 5.17

Timeline

  • Jan 21, 1970 Security Advisory
  • Oct 1, 2025 EPSS Score
  • Oct 1, 2025 CVE Published
  • Oct 1, 2025 PoC Published
  • Oct 4, 2025 Coalition ESS Score
  • Oct 6, 2025 Coalition ESS Score
  • Oct 8, 2025 EPSS Score
  • Oct 8, 2025 Coalition ESS Score
  • Oct 12, 2025 PoC Published
  • Oct 14, 2025 EPSS Score
  • Oct 21, 2025 EPSS Score
  • Oct 27, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›