CVE-2025-39836

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue where the communication buffer allocated by setup mm hdr() was not contiguous, despite being expected to be by tee shm register kernel buf(). This could lead to corruptions or system bugs, particularly after commit 9aec2fb0fd5e ("slab: allocate frozen pages"), though the issue existed prior to this commit. The problem was caused by using kmalloc() instead of allocating contiguous pages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-770

Related Identifiers

BDU:2025-15675

CVE-2025-39836

DSA-6008-1

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39836

Weakness Enumeration

Related Identifiers

Affected Products

References · 3027