PT-2025-44108 · Linux · Linux Kernel
Published 2025-10-07 · Updated 2026-05-07 · CVE-2025-40040
CVSS v2.0: 6.0 (Medium)
| Vector | AV:L/AC:H/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.16.0-rc6
Description
The Linux kernel contains a flaw in the ksm_madvise() function related to how flags are handled during MADV_UNMERGEABLE operations on memory regions registered with userfaultfd (UFFD) in MINOR mode. Specifically, the issue arises from a type mismatch when clearing the VM_MERGEABLE flag, which unintentionally clears the flags held in the upper 32 bits of vm_flags. The resulting inconsistency can cause kernel panics or warnings during userfaultfd_release_all(), indicating a UFFD inconsistency. The root cause is that the VM_MERGEABLE constant is defined as an unsigned int; when it is negated and then promoted to an unsigned long, the upper 32 bits of the mask are zero rather than one, so the AND operation strips every flag above bit 31. Only the VM_MERGEABLE flag is affected: the other VM_* flags are not susceptible to this behavior because of their bit patterns after negation.
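The promotion bug described above, reproduced in user space as an added example (not kernel code): the constants are constructed stand-ins that mirror the kernel's types, vm_flags_t is assumed to be a 64-bit unsigned long (LP64, as on x86-64 Linux), VM_HIGH_FLAG is a made-up flag above bit 31, and the "fixed" variant casts to vm_flags_t before negating, which is one way the description's root cause can be corrected.

```c
#include <stdio.h>

/* Constructed stand-ins for the kernel definitions (not copied from the kernel source).
 * 0x80000000 with no suffix does not fit in a signed int, so it has type unsigned int.
 * A flag below bit 31, such as 0x00000001, is a plain (signed) int. */
#define VM_MERGEABLE_UNSUFFIXED 0x80000000   /* unsigned int, like the kernel's VM_MERGEABLE */
#define VM_LOW_FLAG             0x00000001   /* signed int, like most VM_* flags */
#define VM_HIGH_FLAG            (1UL << 38)  /* constructed flag above bit 31, e.g. a UFFD flag */

typedef unsigned long vm_flags_t;            /* 64 bits on LP64 targets (assumption) */

/* The mask the buggy code actually uses: ~VM_MERGEABLE is evaluated as an
 * unsigned int (0x7FFFFFFF) and then zero-extended to unsigned long. */
vm_flags_t buggy_mask(void)
{
    return ~VM_MERGEABLE_UNSUFFIXED;         /* 0x000000007FFFFFFF */
}

/* Buggy clear: every bit above 31 is dropped along with VM_MERGEABLE. */
vm_flags_t clear_mergeable_buggy(vm_flags_t flags)
{
    flags &= ~VM_MERGEABLE_UNSUFFIXED;
    return flags;
}

/* Fixed clear: widen the constant first, so the complement is taken at
 * unsigned long width and the mask is 0xFFFFFFFF7FFFFFFF. */
vm_flags_t clear_mergeable_fixed(vm_flags_t flags)
{
    flags &= ~(vm_flags_t)VM_MERGEABLE_UNSUFFIXED;
    return flags;
}

/* Why other flags are safe: ~VM_LOW_FLAG is a negative int (0xFFFFFFFE), and a
 * signed int is sign-extended when promoted, giving 0xFFFFFFFFFFFFFFFE. */
vm_flags_t clear_low_flag(vm_flags_t flags)
{
    flags &= ~VM_LOW_FLAG;
    return flags;
}

int main(void)
{
    vm_flags_t flags = VM_HIGH_FLAG | 0x80000000UL | VM_LOW_FLAG;

    printf("buggy: %#lx\n", clear_mergeable_buggy(flags)); /* VM_HIGH_FLAG lost */
    printf("fixed: %#lx\n", clear_mergeable_fixed(flags)); /* VM_HIGH_FLAG kept */
    return 0;
}
```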
Recommendations
Update to Linux kernel version 6.16.0-rc6 or later.
Weakness Enumeration
Improper Resource Release
Affected Products
Linuxmint
Linux Kernel
Suse
Ubuntu