Home

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordingly. However, following commit 060913999d7a ("mm: migrate: support poisoned recover from migrate folio"), folio_mc_copy() is called before __folio_migrate_mapping(). If the latter fails (-EAGAIN), the copy will be done again to the same destination page. Since copy_highpage() already set the PG_mte_tagged flag, this second copy will warn. Replace the WARN_ON_ONCE(page already tagged) in the arm64 copy_highpage() with a comment.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-16 | Updated 2025-12-16 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 5ff5765a1fc526f07d3bbaedb061d970eb13bcf4
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 0bbf3fc6e9211fce9889fe8efbb89c220504d617
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b98c94eed4a975e0c80b7e90a649a46967376f58
affected

Default status
affected

6.12.56 (semver)
unaffected

6.17.6 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/5ff5765a1fc526f07d3bbaedb061d970eb13bcf4

git.kernel.org/...c/0bbf3fc6e9211fce9889fe8efbb89c220504d617

git.kernel.org/...c/b98c94eed4a975e0c80b7e90a649a46967376f58

cve.org (CVE-2025-40353)

nvd.nist.gov (CVE-2025-40353)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.