CVE-2025-39845

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-39845
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39845.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39845
Downstream
Related
Published
2025-09-19T15:26:19.225Z
Modified
2025-11-27T19:34:02.092171Z
Summary
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm/64: define ARCHPAGETABLESYNCMASK and archsynckernel_mappings()

Define ARCHPAGETABLESYNCMASK and archsynckernelmappings() to ensure page tables are properly synchronized when calling p*dpopulate_kernel().

For 5-level paging, synchronization is performed via pgdpopulatekernel(). In 4-level paging, pgdpopulate() is a no-op, so synchronization is instead performed at the P4D level via p4dpopulate_kernel().

This fixes intermittent boot failures on systems using 4-level paging and a large amount of persistent memory:

BUG: unable to handle page fault for address: ffffe70000000034 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI RIP: 0010:initsinglepage+0x9/0x6d Call Trace: <TASK> _initzonedevicepage+0x17/0x5d memmapinitzonedevice+0x154/0x1bb pagemaprange+0x2e0/0x40f memremappages+0x10b/0x2f0 devmmemremappages+0x1e/0x60 devdaxprobe+0xce/0x2ec [devicedax] daxbus_probe+0x6d/0xc9 [... snip ...] </TASK>

It also fixes a crash in vmemmapsetpmd() caused by accessing vmemmap before syncglobalpgds() [1]:

BUG: unable to handle page fault for address: ffffeb3ff1200000 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI Tainted: [W]=WARN RIP: 0010:vmemmapsetpmd+0xff/0x230 <TASK> vmemmappopulatehugepages+0x176/0x180 vmemmappopulate+0x34/0x80 _populatesectionmemmap+0x41/0x90 sparseaddsection+0x121/0x3e0 _addpages+0xba/0x150 addpages+0x1d/0x70 memremappages+0x3dc/0x810 devmmemremappages+0x1c/0x60 xedevmadd+0x8b/0x100 [xe] xetileinitnoalloc+0x6a/0x70 [xe] xedeviceprobe+0x48c/0x740 [xe] [... snip ...]

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/39xxx/CVE-2025-39845.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
744ff519c72de31344a627eaf9b24e9595aae554
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
5f761d40ee95d2624f839c90ebeef2d5c55007f5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
26ff568f390a531d1bd792e49f1a401849921960
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
b7f4051dd3388edd30e9a6077c05c486aa31e0d4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
6bf9473727569e8283c1e2445c7ac42cf4fc9fa9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
6659d027998083fbb6d42a165b0c90dc2e8ba989

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.192
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.151
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.105
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.46
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.6