CVE-2025-39727
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-07

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters() will encounter a buffer overflow when a badpage is >= maxpages. Only call inc_cluster_info_page() for badpage which is < maxpages to fix the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-07
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-09-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39727
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a potential buffer overflow in the Linux kernel's memory management swap subsystem, specifically in the setup_clusters() function. The issue arises because setup_swap_map() only ensures that badpages are within the range (0, last_page], but since maxpages can be less than last_page, setup_clusters() may overflow its buffer when a badpage is greater than or equal to maxpages. The fix involves only calling inc_cluster_info_page() for badpages less than maxpages to prevent this overflow.

Impact Analysis

This vulnerability can lead to a buffer overflow in the Linux kernel's memory management system, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, compromising system security.

Mitigation Strategies

Apply the patch or update to the fixed version of the Linux kernel that resolves the buffer overflow in setup_clusters() by ensuring inc_cluster_info_page() is only called for badpage values less than maxpages.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39727. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart