PT-2025-20347 · Linux+3 · Linux Kernel+3

Published: 2025-04-26 · Updated: 2026-04-20 · CVE-2025-37818

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel has been resolved, specifically in the LoongArch architecture. The issue arises when the huge_pte_offset() function returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table, indicating no mapping. This leads callers such as smaps_hugetlb_range() to fetch an invalid entry value. The generic is_swap_pte() check incorrectly identifies this address as a swap entry, because it satisfies the condition !pte_present() && !pte_none(). Combined with a coincidental match by is_migration_entry() on the address bits, this results in kernel crashes in pfn_swap_entry_to_page(). The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

To resolve this issue, modify the huge_pte_offset() function to check the PMD entry's content using pmd_none() before returning. If the entry is invalid, return NULL instead of the pointer to the slot. As a temporary workaround, consider restricting access to the huge_pte_offset() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
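
A user-space C model of the lookup before and after the recommended pmd_none() check, added here as an illustration; it is not kernel code. The present bit, the table address and the model_*, lookup_* and classify names are constructed assumptions, and the model stops at the misclassification rather than decoding a swap entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this model; not LoongArch's real encodings. */
#define MODEL_PRESENT           0x1ULL                 /* "present" bit */
#define MODEL_INVALID_PTE_TABLE 0x9000000001234000ULL  /* stand-in address of invalid_pte_table */

typedef struct { uint64_t val; } entry_t;
enum kind { NO_MAPPING, PRESENT, SWAP_ENTRY };

/* An empty PMD slot is not zero: it holds the address of invalid_pte_table. */
static int model_pmd_none(entry_t e)    { return e.val == MODEL_INVALID_PTE_TABLE; }
static int model_pte_none(entry_t e)    { return e.val == 0; }
static int model_pte_present(entry_t e) { return (e.val & MODEL_PRESENT) != 0; }
/* Same shape as the generic check in the description: !pte_present() && !pte_none(). */
static int model_is_swap_pte(entry_t e) { return !model_pte_present(e) && !model_pte_none(e); }

/* Before the fix: the slot pointer is returned whatever the slot contains. */
entry_t *lookup_before(entry_t *slot) { return slot; }

/* After the fix: an empty slot yields NULL, so callers never read its value. */
entry_t *lookup_after(entry_t *slot) { return model_pmd_none(*slot) ? NULL : slot; }

/* Caller-side classification, in the style of a hugetlb page-table walker. */
enum kind classify(const entry_t *p)
{
    if (p == NULL || model_pte_none(*p))
        return NO_MAPPING;
    if (model_pte_present(*p))
        return PRESENT;
    /* The real caller would now decode a swap entry from these bits. */
    return model_is_swap_pte(*p) ? SWAP_ENTRY : NO_MAPPING;
}

int main(void)
{
    entry_t empty  = { MODEL_INVALID_PTE_TABLE };        /* constructed: unmapped slot */
    entry_t mapped = { 0x40000000ULL | MODEL_PRESENT };  /* constructed: mapped huge page */

    printf("empty,  before fix: %d\n", classify(lookup_before(&empty)));
    printf("empty,  after fix:  %d\n", classify(lookup_after(&empty)));
    printf("mapped, after fix:  %d\n", classify(lookup_after(&mapped)));
    return 0;
}
```

In the model, the empty slot is classified as a swap entry through the unchecked lookup and as no mapping once the lookup returns NULL; a mapped slot is unaffected.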

Exploit

Resource Exhaustion

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-12023
CVE-2025-37818
DLA-4193-1
ECHO-9247-1CE9-3C9E
MGASA-2025-0182
MGASA-2025-0183
OESA-2025-1539
OESA-2025-1540

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os