PT-2025-22219 · Linux+9 · Linux Kernel+9
Published
2025-04-21
·
Updated
2026-05-26
·
CVE-2025-37958
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.14.0+
Description
A vulnerability in the Linux kernel has been resolved, related to the migration of Transparent Huge Pages (THPs). When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access. This issue can be prevented by checking the PMD migration entry and returning early. The vulnerability was found by syzkaller on an internal kernel and confirmed on upstream.
Recommendations
For Linux kernel versions prior to 6.14.0+, update to version 6.14.0 or later to resolve the issue. As a temporary workaround, consider disabling the
split huge pmd locked function until a patch is available. Restrict access to the mm/huge memory module to minimize the risk of exploitation. Avoid using the pmd to swp entry and pfn swap entry to page functions in the affected API endpoints until the issue is resolved.Exploit
Fix
DoS
Buffer Overflow
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu