CVE-2025-39899

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the mm/userfaultfd subsystem related to the ordering of kmap local operations when CONFIG HIGHPTE is enabled on 32-bit ARM architectures. Specifically, the code was unmapping PTE pages in the incorrect order, violating the Last-In-First-Out (LIFO) requirement for kmap local page(). This resulted in a warning within the kunmap local indexed() function, indicating an address mismatch. The fix involves reversing the unmap order to adhere to the LIFO ordering principle, aligning with previous fixes addressing similar issues in crypto and nilfs2 subsystems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2025-15672

CVE-2025-39899

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39899

Weakness Enumeration

Related Identifiers

Affected Products

References · 2659