CVE-2025-22090

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc5+

Description A vulnerability in the Linux kernel has been resolved, related to the handling of VM PAT when fork() fails in copy page range(). If track pfn copy() fails, the dst VMA is added to the maple tree, but as fork() fails, the cleanup of the maple tree stumbles over the dst VMA for which no reservation or page table copy was performed. This leads to untrack pfn() trying to obtain PAT information from the page table, which fails because the page table was not copied. The issue is fixed by setting the VM PAT flag only if the reservation succeeds and undoing the reservation if anything goes wrong while copying the page tables.

Recommendations For Linux kernel versions prior to 6.12.0-rc5+, update to a newer version that includes the fix for the VM PAT handling issue. As a temporary workaround, consider disabling the fork() system call in scenarios where copy page range() may fail, until a patch is available. Restrict access to the copy page range() function to minimize the risk of exploitation.