CVE-2025-39763
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error exception such as Synchronous External Abort (SEA) on Arm64. The kernel will queue a memory_failure() work which poisons the related page, unmaps the page, and then sends a SIGBUS to the process, so that a system wide panic can be avoided. However, no memory_failure() work will be queued when abnormal synchronous errors occur. These errors can include situations like invalid PA, unexpected severity, no memory failure config support, invalid GUID section, etc. In such a case, the user-space process will trigger SEA again. This loop can potentially exceed the platform firmware threshold or even trigger a kernel hard lockup, leading to a system reboot. Fix it by performing a force kill if no memory_failure() work is queued for synchronous errors. [ rjw: Changelog edits ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39763
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves how synchronous memory errors are handled on Arm64 systems. When a user-space process triggers a 2-bit uncorrected memory error, the CPU raises a synchronous error exception (Synchronous External Abort - SEA). Normally, the kernel queues a memory_failure() work to poison and unmap the faulty memory page and sends a SIGBUS signal to the process to avoid a system-wide panic. However, if abnormal synchronous errors occur (such as invalid physical address, unexpected severity, or unsupported memory failure configuration), no memory_failure() work is queued. This causes the user-space process to trigger the SEA repeatedly, potentially exceeding firmware error thresholds or causing a kernel hard lockup and system reboot. The fix involves force killing the process if no memory_failure() work is queued for synchronous errors.

Impact Analysis

This vulnerability can lead to system instability, including kernel hard lockups and unexpected system reboots. If a user-space process triggers abnormal synchronous memory errors, the system may enter a loop of error exceptions without proper handling, potentially causing downtime or loss of service.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated with the fix that performs a force kill if no memory_failure() work is queued for synchronous errors. This prevents the system from entering a loop that can cause a hard lockup or reboot. Applying the latest kernel patches addressing this ACPI APEI issue is the immediate step to take.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39763. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart