Home

Description

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using kmap_local_page(), which requires unmapping in Last-In-First-Out order. The current code maps dst_pte first, then src_pte, but unmaps them in the same order (dst_pte, src_pte), violating the LIFO requirement. This causes the warning in kunmap_local_indexed(): WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c addr \!= __fix_to_virt(FIX_KMAP_BEGIN + idx) Fix this by reversing the unmap order to respect LIFO ordering. This issue follows the same pattern as similar fixes: - commit eca6828403b8 ("crypto: skcipher - fix mismatch between mapping and unmapping order") - commit 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") Both of which addressed the same fundamental requirement that kmap_local operations must follow LIFO ordering.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-01 | Updated 2025-10-01 | Assigner Linux

Product status

Default status
unaffected

adef440691bab824e39c1b17382322d195e1fab0 before b051f707018967ea8f697d790a1ed8c443f63812
affected

adef440691bab824e39c1b17382322d195e1fab0 before bd1ee62759d0bd4d6b909731c076c230ac89d61e
affected

adef440691bab824e39c1b17382322d195e1fab0 before 9614d8bee66387501f48718fa306e17f2aa3f2f3
affected

Default status
affected

6.8
affected

Any version before 6.8
unaffected

6.12.46
unaffected

6.16.6
unaffected

6.17
unaffected

References

git.kernel.org/...c/b051f707018967ea8f697d790a1ed8c443f63812

git.kernel.org/...c/bd1ee62759d0bd4d6b909731c076c230ac89d61e

git.kernel.org/...c/9614d8bee66387501f48718fa306e17f2aa3f2f3

cve.org (CVE-2025-39899)

nvd.nist.gov (CVE-2025-39899)

Download JSON