CVE-2025-39910

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel’s kasan populate vmalloc() function and its helpers did not correctly respect the caller’s gfp mask, always using GFP KERNEL instead. This inconsistency with vmalloc(), which supports GFP NOFS and GFP NOIO allocations, could lead to a deadlock, particularly in scenarios where vmalloc is called with GFP NOFS, such as by XFS. The issue stemmed from page table allocations during shadow population also ignoring the external gfp mask. The patch addresses this by extending kasan populate vmalloc() and helpers to accept gfp mask, passing it down to allocation functions, and enforcing GFP NOFS/GFP NOIO semantics around apply to page range().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.