We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-22045

x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs



Description

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE entries in the pointed-to page table: collapse_pte_mapped_thp pmdp_collapse_flush flush_tlb_range The arm64 version of flush_tlb_range() has a comment describing that it can be used for page table removal, and does not use any last-level invalidation optimizations. Fix the X86 version by making it behave the same way. Currently, X86 only uses this information for the following two purposes, which I think means the issue doesn't have much impact: - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be IPI'd to avoid issues with speculative page table walks. - In Hyper-V TLB paravirtualization, again for lazy TLB stuff. The patch "x86/mm: only invalidate final translations with INVLPGB" which is currently under review (see <https://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/>) would probably be making the impact of this a lot worse.

Reserved 2024-12-29 | Published 2025-04-16 | Updated 2025-05-26 | Assigner Linux

Product status

Default status
unaffected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 618d5612ecb7bfc1c85342daafeb2b47e29e77a3
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 556d446068f90981e5d71ca686bdaccdd545d491
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 0a8f806ea6b5dd64b3d1f05ff774817d5f7ddbd1
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 0708fd6bd8161871bfbadced2ca4319b84ab44fe
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 7085895c59e4057ffae17f58990ccb630087d0d2
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 93224deb50a8d20df3884f3672ce9f982129aa50
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 320ac1af4c0bdb92c864dc9250d1329234820edf
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 78d6f9a9eb2a5da6fcbd76d6191d24b0dcc321be
affected

016c4d92cd16f569c6485ae62b076c1a4b779536 before 3ef938c3503563bfc2ac15083557f880d29c2e64
affected

Default status
affected

4.20
affected

Any version before 4.20
unaffected

5.4.292
unaffected

5.10.236
unaffected

5.15.180
unaffected

6.1.134
unaffected

6.6.87
unaffected

6.12.23
unaffected

6.13.11
unaffected

6.14.2
unaffected

6.15
unaffected

References

git.kernel.org/...c/618d5612ecb7bfc1c85342daafeb2b47e29e77a3

git.kernel.org/...c/556d446068f90981e5d71ca686bdaccdd545d491

git.kernel.org/...c/0a8f806ea6b5dd64b3d1f05ff774817d5f7ddbd1

git.kernel.org/...c/0708fd6bd8161871bfbadced2ca4319b84ab44fe

git.kernel.org/...c/7085895c59e4057ffae17f58990ccb630087d0d2

git.kernel.org/...c/93224deb50a8d20df3884f3672ce9f982129aa50

git.kernel.org/...c/320ac1af4c0bdb92c864dc9250d1329234820edf

git.kernel.org/...c/78d6f9a9eb2a5da6fcbd76d6191d24b0dcc321be

git.kernel.org/...c/3ef938c3503563bfc2ac15083557f880d29c2e64

cve.org (CVE-2025-22045)

nvd.nist.gov (CVE-2025-22045)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-22045

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.