CVE-2025-40174

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-40174
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40174.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40174
Published
2025-11-12T10:53:49Z
Modified
2025-11-12T20:19:59.433148Z
Summary
x86/mm: Fix SMP ordering in switch_mm_irqs_off()
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Fix SMP ordering in switch_mm_irqs_off()

Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail to flush the TLBs.

[ dhansen: merge conflict fixed by Ingo ]

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
209954cbc7d0ce1a190fc725d20ce303d74d2680
Fixed
0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
209954cbc7d0ce1a190fc725d20ce303d74d2680
Fixed
83b0177a6c4889b3a6e865da5e21b2c9d97d0551

Affected versions

v6.*

v6.12
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.18-rc1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb",
        "target": {
            "file": "arch/x86/mm/tlb.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "209229450153383931462865088110861236313",
                "275237936112309874455631528540542706732",
                "52920480946553805125629735482374251745",
                "256123480295193046895956853690433971802",
                "28632741102359198951264269367853632832",
                "329583761789021984267077454939720826138"
            ]
        },
        "id": "CVE-2025-40174-119ed26f"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83b0177a6c4889b3a6e865da5e21b2c9d97d0551",
        "target": {
            "function": "switch_mm_irqs_off",
            "file": "arch/x86/mm/tlb.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 2282.0,
            "function_hash": "151877769955677687969117349471798466078"
        },
        "id": "CVE-2025-40174-40584bad"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb",
        "target": {
            "function": "switch_mm_irqs_off",
            "file": "arch/x86/mm/tlb.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 2282.0,
            "function_hash": "151877769955677687969117349471798466078"
        },
        "id": "CVE-2025-40174-d539df90"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@83b0177a6c4889b3a6e865da5e21b2c9d97d0551",
        "target": {
            "file": "arch/x86/mm/tlb.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "209229450153383931462865088110861236313",
                "275237936112309874455631528540542706732",
                "52920480946553805125629735482374251745",
                "256123480295193046895956853690433971802",
                "28632741102359198951264269367853632832",
                "329583761789021984267077454939720826138"
            ]
        },
        "id": "CVE-2025-40174-f8e8c6cf"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.17.5