| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Return NULL from huge_pte_offset() for invalid PMD\n\nLoongArch's huge_pte_offset() currently returns a pointer to a PMD slot\neven if the underlying entry points to invalid_pte_table (indicating no\nmapping). Callers like smaps_hugetlb_range() fetch this invalid entry\nvalue (the address of invalid_pte_table) via this pointer.\n\nThe generic is_swap_pte() check then incorrectly identifies this address\nas a swap entry on LoongArch, because it satisfies the \"!pte_present()\n&& !pte_none()\" conditions. This misinterpretation, combined with a\ncoincidental match by is_migration_entry() on the address bits, leads to\nkernel crashes in pfn_swap_entry_to_page().\n\nFix this at the architecture level by modifying huge_pte_offset() to\ncheck the PMD entry's content using pmd_none() before returning. If the\nentry is invalid (i.e., it points to invalid_pte_table), return NULL\ninstead of the pointer to the slot." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/loongarch/mm/hugetlbpage.c" |
| ], |
| "versions": [ |
| { |
| "version": "fa96b57c149061f71a70bd6582d995f6424fbbf4", |
| "lessThan": "34256805720993e37adf6127371a1265aea8376a", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "fa96b57c149061f71a70bd6582d995f6424fbbf4", |
| "lessThan": "2ca9380b12711afe95b3589bd82b59623b3c96b3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "fa96b57c149061f71a70bd6582d995f6424fbbf4", |
| "lessThan": "51424fd171cee6a33f01f7c66b8eb23ac42289d4", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "fa96b57c149061f71a70bd6582d995f6424fbbf4", |
| "lessThan": "b49f085cd671addbda4802d6b9382513f7dd0f30", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "fa96b57c149061f71a70bd6582d995f6424fbbf4", |
| "lessThan": "bd51834d1cf65a2c801295d230c220aeebf87a73", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/loongarch/mm/hugetlbpage.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.19", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.19", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.136", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.89", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.26", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.14.5", |
| "lessThanOrEqual": "6.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.15", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.19", |
| "versionEndExcluding": "6.1.136" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.19", |
| "versionEndExcluding": "6.6.89" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.19", |
| "versionEndExcluding": "6.12.26" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.19", |
| "versionEndExcluding": "6.14.5" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.19", |
| "versionEndExcluding": "6.15" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/34256805720993e37adf6127371a1265aea8376a" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/2ca9380b12711afe95b3589bd82b59623b3c96b3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/51424fd171cee6a33f01f7c66b8eb23ac42289d4" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/b49f085cd671addbda4802d6b9382513f7dd0f30" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bd51834d1cf65a2c801295d230c220aeebf87a73" |
| } |
| ], |
| "title": "LoongArch: Return NULL from huge_pte_offset() for invalid PMD", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2025-37818", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
