PT-2025-38551 · Linux+5 · Linux Kernel+5

Published

2025-09-19

·

Updated

2026-05-07

·

CVE-2025-39844

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel related to page table synchronization during vmemmap initialization. Specifically, the optimized path within vmemmap populate compound pages() skips synchronization of top-level page tables, potentially leading to kernel panics when accessing the vmemmap area before the corresponding top-level entries are synchronized. This issue arises from relying on each architecture to manually handle page table synchronization, which is prone to errors and omissions. The solution involves introducing pgd populate kernel() and p4d populate kernel() to explicitly perform synchronization when installing top-level entries, leveraging existing mechanisms used by vmalloc and ioremap.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Weakness Enumeration

CWE-404

Related Identifiers

AZL-67557
AZL-74832
BDU:2025-14120
CVE-2025-39844
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-131D-5CA1-B72E
INFESA-2025_0006
OESA-2025-2465
OESA-2025-2466
OESA-2025-2467
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu