CVE-2025-39836
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39836
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39836.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39836
- Downstream
- Published
- 2025-09-16T13:08:52Z
- Modified
- 2025-10-18T06:21:41.890423Z
- Summary
- efi: stmm: Fix incorrect buffer allocation method
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
efi: stmm: Fix incorrect buffer allocation method
The communication buffer allocated by setupmmhdr() is later on passed to teeshmregisterkernelbuf(). The latter expects those buffers to be contiguous pages, but setupmmhdr() just uses kmalloc(). That can cause various corruptions or BUGs, specifically since commit 9aec2fb0fd5e ("slab: allocate frozen pages"), though it was broken before as well.
Fix this by using allocpagesexact() instead of kmalloc().
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc44b6be62e8dd4ee0a308c36a70620613e6fc55fFixed77ff27ff0e4529a003c8a1c2492c111968c378d3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc44b6be62e8dd4ee0a308c36a70620613e6fc55fFixed630c0e6064daf84f17aad1a7d9ca76b562e3fe47
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc44b6be62e8dd4ee0a308c36a70620613e6fc55fFixedc5e81e672699e0c5557b2b755cc8f7a69aa92bff
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.17-rc1
v6.7
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-059ae23f",
"digest": {
"function_hash": "60717369742193038714986353728611968569",
"length": 796.0
},
"target": {
"function": "setup_mm_hdr",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-0c7ca957",
"digest": {
"function_hash": "242107909492901223828581705223968299665",
"length": 1262.0
},
"target": {
"function": "tee_get_next_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-12cf57e9",
"digest": {
"function_hash": "242107909492901223828581705223968299665",
"length": 1262.0
},
"target": {
"function": "tee_get_next_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-1640a70d",
"digest": {
"function_hash": "310985645734550557426738956918101852562",
"length": 533.0
},
"target": {
"function": "tee_query_variable_info",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-221b1af8",
"digest": {
"function_hash": "188470542165774735376822310561347348093",
"length": 1287.0
},
"target": {
"function": "tee_set_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-427589b4",
"digest": {
"function_hash": "87012210474750147954857960360287290327",
"length": 551.0
},
"target": {
"function": "get_max_payload",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-437c3251",
"digest": {
"function_hash": "146618689559847298401408874191651016524",
"length": 1398.0
},
"target": {
"function": "tee_get_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-47c6993b",
"digest": {
"function_hash": "310985645734550557426738956918101852562",
"length": 533.0
},
"target": {
"function": "tee_query_variable_info",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-4ff717f5",
"digest": {
"function_hash": "146618689559847298401408874191651016524",
"length": 1398.0
},
"target": {
"function": "tee_get_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-584dfa83",
"digest": {
"function_hash": "87012210474750147954857960360287290327",
"length": 551.0
},
"target": {
"function": "get_max_payload",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-7a59ebc3",
"digest": {
"function_hash": "146618689559847298401408874191651016524",
"length": 1398.0
},
"target": {
"function": "tee_get_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-8ffd55ec",
"digest": {
"function_hash": "310985645734550557426738956918101852562",
"length": 533.0
},
"target": {
"function": "tee_query_variable_info",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-91d1e4cb",
"digest": {
"function_hash": "281898174959351814789448942044239033138",
"length": 779.0
},
"target": {
"function": "get_property_int",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-921e62b2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260705847040386232647566263120183882326",
"256489214993636045307376471638256963943",
"44390808024966049502284184962951870203",
"38690422656567593284672532327687708490",
"171485552566878654500508498562028763131",
"38375593860394052701987336262763382320",
"324539407668273180815309789554163308277",
"97860742424017640740109676121223646959",
"135975249176182483405810754272552585964",
"142361950725065668498317234478978460365",
"176404063787746551585373800587688123216",
"328997610892348475636571820670953696371",
"277004907366711413946063665293531707232",
"64064812059963714987429088336954844365",
"214972557627312621842646447412571982640",
"328997610892348475636571820670953696371",
"141962500803266820699337131684104814203",
"155031696957370221963076846694774386131",
"161680879088351818145475989263256297698",
"328997610892348475636571820670953696371",
"152094939866942650530256407118130764948",
"320868407697320504387255190588668376812",
"153575196942722992006461769678366371597",
"328997610892348475636571820670953696371",
"262279363906894273017481438474463454812",
"310584247025676886048285447783737766670",
"96550077684548208133200709219767506237",
"328997610892348475636571820670953696371",
"213539706028520283243665132941000596356",
"302782182716096885320947142542223775920",
"172141581351555001514044267759514552298",
"328997610892348475636571820670953696371",
"14105602720874947922498997896210771634"
]
},
"target": {
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-9884b66c",
"digest": {
"function_hash": "242107909492901223828581705223968299665",
"length": 1262.0
},
"target": {
"function": "tee_get_next_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-9921df22",
"digest": {
"function_hash": "60717369742193038714986353728611968569",
"length": 796.0
},
"target": {
"function": "setup_mm_hdr",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-ac6d27d9",
"digest": {
"function_hash": "87012210474750147954857960360287290327",
"length": 551.0
},
"target": {
"function": "get_max_payload",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-b2e94a4b",
"digest": {
"function_hash": "188470542165774735376822310561347348093",
"length": 1287.0
},
"target": {
"function": "tee_set_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-b8548146",
"digest": {
"function_hash": "60717369742193038714986353728611968569",
"length": 796.0
},
"target": {
"function": "setup_mm_hdr",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-d53d40ff",
"digest": {
"function_hash": "188470542165774735376822310561347348093",
"length": 1287.0
},
"target": {
"function": "tee_set_variable",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77ff27ff0e4529a003c8a1c2492c111968c378d3",
"id": "CVE-2025-39836-d53d44ae",
"digest": {
"function_hash": "281898174959351814789448942044239033138",
"length": 779.0
},
"target": {
"function": "get_property_int",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-d84f5863",
"digest": {
"function_hash": "281898174959351814789448942044239033138",
"length": 779.0
},
"target": {
"function": "get_property_int",
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e81e672699e0c5557b2b755cc8f7a69aa92bff",
"id": "CVE-2025-39836-e076bc3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260705847040386232647566263120183882326",
"256489214993636045307376471638256963943",
"44390808024966049502284184962951870203",
"38690422656567593284672532327687708490",
"171485552566878654500508498562028763131",
"38375593860394052701987336262763382320",
"324539407668273180815309789554163308277",
"97860742424017640740109676121223646959",
"135975249176182483405810754272552585964",
"142361950725065668498317234478978460365",
"176404063787746551585373800587688123216",
"328997610892348475636571820670953696371",
"277004907366711413946063665293531707232",
"64064812059963714987429088336954844365",
"214972557627312621842646447412571982640",
"328997610892348475636571820670953696371",
"141962500803266820699337131684104814203",
"155031696957370221963076846694774386131",
"161680879088351818145475989263256297698",
"328997610892348475636571820670953696371",
"152094939866942650530256407118130764948",
"320868407697320504387255190588668376812",
"153575196942722992006461769678366371597",
"328997610892348475636571820670953696371",
"262279363906894273017481438474463454812",
"310584247025676886048285447783737766670",
"96550077684548208133200709219767506237",
"328997610892348475636571820670953696371",
"213539706028520283243665132941000596356",
"302782182716096885320947142542223775920",
"172141581351555001514044267759514552298",
"328997610892348475636571820670953696371",
"14105602720874947922498997896210771634"
]
},
"target": {
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@630c0e6064daf84f17aad1a7d9ca76b562e3fe47",
"id": "CVE-2025-39836-ecbccbae",
"digest": {
"threshold": 0.9,
"line_hashes": [
"260705847040386232647566263120183882326",
"256489214993636045307376471638256963943",
"44390808024966049502284184962951870203",
"38690422656567593284672532327687708490",
"171485552566878654500508498562028763131",
"38375593860394052701987336262763382320",
"324539407668273180815309789554163308277",
"97860742424017640740109676121223646959",
"135975249176182483405810754272552585964",
"142361950725065668498317234478978460365",
"176404063787746551585373800587688123216",
"328997610892348475636571820670953696371",
"277004907366711413946063665293531707232",
"64064812059963714987429088336954844365",
"214972557627312621842646447412571982640",
"328997610892348475636571820670953696371",
"141962500803266820699337131684104814203",
"155031696957370221963076846694774386131",
"161680879088351818145475989263256297698",
"328997610892348475636571820670953696371",
"152094939866942650530256407118130764948",
"320868407697320504387255190588668376812",
"153575196942722992006461769678366371597",
"328997610892348475636571820670953696371",
"262279363906894273017481438474463454812",
"310584247025676886048285447783737766670",
"96550077684548208133200709219767506237",
"328997610892348475636571820670953696371",
"213539706028520283243665132941000596356",
"302782182716096885320947142542223775920",
"172141581351555001514044267759514552298",
"328997610892348475636571820670953696371",
"14105602720874947922498997896210771634"
]
},
"target": {
"file": "drivers/firmware/efi/stmm/tee_stmm_efi.c"
}
}
]