CVE-2025-40311

When IOMMU is enabled, dmaalloccoherent() with GFPUSER may return addresses from the vmalloc range. If such an address is mapped without VMMIXEDMAP, vminsertpage() will trigger a BUGON due to the VMPFNMAP restriction.

Fix this by checking for vmalloc addresses and setting VM_MIXEDMAP in the VMA before mapping. This ensures safe mapping and avoids kernel crashes. The memory is still driver-allocated and cannot be accessed directly by userspace.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40311.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399

Fixed

7ec8ac9f73d4a9438c2186768d6de27ace37531e

Fixed

d1dfe21a332d38a6a09658ec29a55940afb5fe36

Fixed

73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9

Fixed

513024d5a0e34fd34247043f1876b6138ca52847

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40311.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.8.0

Fixed

6.6.117

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.58

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40311.json"