CVE-2025-39845

Source
https://cve.org/CVERecord?id=CVE-2025-39845
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39845.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39845
Published
2025-09-19T15:26:19.225Z
Modified
2026-03-11T07:49:01.807857622Z
Summary
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()

Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_populate_kernel().

For 5-level paging, synchronization is performed via pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so synchronization is instead performed at the P4D level via p4d_populate_kernel().

This fixes intermittent boot failures on systems using 4-level paging and a large amount of persistent memory:

  BUG: unable to handle page fault for address: ffffe70000000034
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  PGD 0 P4D 0
  Oops: 0002 [#1] SMP NOPTI
  RIP: 0010:__init_single_page+0x9/0x6d
  Call Trace:
   <TASK>
   __init_zone_device_page+0x17/0x5d
   memmap_init_zone_device+0x154/0x1bb
   pagemap_range+0x2e0/0x40f
   memremap_pages+0x10b/0x2f0
   devm_memremap_pages+0x1e/0x60
   dev_dax_probe+0xce/0x2ec [device_dax]
   dax_bus_probe+0x6d/0xc9
   [... snip ...]
   </TASK>

It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]:

  BUG: unable to handle page fault for address: ffffeb3ff1200000
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  PGD 0 P4D 0
  Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI
  Tainted: [W]=WARN
  RIP: 0010:vmemmap_set_pmd+0xff/0x230
   <TASK>
   vmemmap_populate_hugepages+0x176/0x180
   vmemmap_populate+0x34/0x80
   __populate_section_memmap+0x41/0x90
   sparse_add_section+0x121/0x3e0
   __add_pages+0xba/0x150
   add_pages+0x1d/0x70
   memremap_pages+0x3dc/0x810
   devm_memremap_pages+0x1c/0x60
   xe_devm_add+0x8b/0x100 [xe]
   xe_tile_init_noalloc+0x6a/0x70 [xe]
   xe_device_probe+0x48c/0x740 [xe]
   [... snip ...]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39845.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d400913c231bd1da74067255816453f96cd35b0
Fixed
744ff519c72de31344a627eaf9b24e9595aae554
Fixed
5f761d40ee95d2624f839c90ebeef2d5c55007f5
Fixed
26ff568f390a531d1bd792e49f1a401849921960
Fixed
b7f4051dd3388edd30e9a6077c05c486aa31e0d4
Fixed
6bf9473727569e8283c1e2445c7ac42cf4fc9fa9
Fixed
6659d027998083fbb6d42a165b0c90dc2e8ba989

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39845.json"