CVE-2025-39700
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/damon/ops-common: ignore migration request to invalid nodes

damon_migrate_pages() tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.

    [ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48
    [ 7831.884160] #PF: supervisor read access in kernel mode
    [ 7831.884681] #PF: error_code(0x0000) - not-present page
    [ 7831.885203] PGD 0 P4D 0
    [ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI
    [ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)
    [ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014
    [ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)
    [...]
    [ 7831.895953] Call Trace:
    [ 7831.896195] <TASK>
    [ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)
    [ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)
    [ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)
    [ 7831.897735] migrate_pages (mm/migrate.c:2078)
    [ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)
    [ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)
    [ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)
    [...]

Add a target node validity check in damon_migrate_pages(). The validity check is stolen from that of do_pages_move(), which is being used for the move_pages() system call.

Meta Information
Published: 2025-09-05
Last Modified: 2025-11-25
Generated: 2026-05-07
AI Q&A: 2025-09-05
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)

CWE ID | Description
CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's memory management subsystem, specifically in the damon_migrate_pages() function. The function attempts to migrate memory pages to a target node without verifying if the target node is valid. If an invalid node is specified, it can cause a kernel BUG, leading to a crash or system instability due to an unhandled page fault in kernel mode.


How can this vulnerability impact me?

If exploited or triggered by invalid migration requests, this vulnerability can cause the Linux kernel to crash or become unstable, resulting in denial of service. This can disrupt system operations and potentially lead to data loss or downtime.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for kernel BUG messages related to damon_migrate_pages() and invalid node migration requests. Specifically, look for kernel Oops or BUG messages similar to:

    [ 7831.883495] BUG: unable to handle page fault for address: ...
    [ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI
    [ 7831.886913] CPU: ... Comm: kdamond.0 ...

You can use commands like:

1. dmesg | grep -i 'BUG\|Oops\|damon_migrate_pages'
2. journalctl -k | grep -i 'BUG\|Oops\|damon_migrate_pages'

These commands help identify if the kernel has encountered the specific bug triggered by invalid migration requests.
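
The grep commands above match every BUG or Oops line in the log, whatever caused it. The following is an added example, not part of the original page: it reports a fault only when the same report names a kdamond thread and its call trace reaches damon_migrate_pages(). The function name find_damon_migrate_oops and the second sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report only page-fault oopses raised by a kdamond thread
# whose call trace reaches damon_migrate_pages(). Reads kernel log text on
# stdin and prints the header line of each matching report.
find_damon_migrate_oops() {
    awk '
        # Start of a fault report: remember the header line and reset state.
        /BUG: unable to handle page fault/ { hdr = $0; in_oops = 1; kdamond = 0; next }
        # The faulting task is a DAMON worker thread (Comm: kdamond.N).
        in_oops && /Comm: kdamond/ { kdamond = 1 }
        # The trace passes through the migration helper: report once per oops.
        in_oops && kdamond && /damon_migrate_pages/ { print hdr; hits++; in_oops = 0 }
        # End-of-trace marker closes the current report.
        /---\[ end trace/ { in_oops = 0 }
        # Exit status 0 when at least one matching report was found.
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Sample input. The first report reuses lines from the description on this
# page; the second report is constructed and unrelated to DAMON.
SAMPLE_LOG='[ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48
[ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)
[ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)
[ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)
[ 9000.000001] BUG: unable to handle page fault for address: 0000000000000010
[ 9000.000002] CPU: 2 UID: 0 PID: 4242 Comm: example_task Not tainted
[ 9000.000003] example_driver_ioctl (drivers/example/example.c:1)'

# Live use: dmesg | find_damon_migrate_oops
printf '%s\n' "$SAMPLE_LOG" | find_damon_migrate_oops
```

On the sample input only the 7831.883495 report is printed; the plain grep would also have matched the unrelated fault at 9000.000001.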


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, ensure that any user or process making migration requests via DAMOS_MIGRATE_{HOT,COLD} actions only targets valid nodes. Since the vulnerability arises from invalid node migration requests, validating or restricting such requests can prevent the kernel BUG. Additionally, update the Linux kernel to a version that includes the patch adding the target node validity check in damon_migrate_pages(), as this resolves the issue.

