CVE-2025-39899
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-12-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using kmap_local_page(), which requires unmapping in Last-In-First-Out order. The current code maps dst_pte first, then src_pte, but unmaps them in the same order (dst_pte, src_pte), violating the LIFO requirement. This causes the warning in kunmap_local_indexed(): WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c addr \!= __fix_to_virt(FIX_KMAP_BEGIN + idx) Fix this by reversing the unmap order to respect LIFO ordering. This issue follows the same pattern as similar fixes: - commit eca6828403b8 ("crypto: skcipher - fix mismatch between mapping and unmapping order") - commit 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename") Both of which addressed the same fundamental requirement that kmap_local operations must follow LIFO ordering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39899
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.8 (inc) to 6.12.46 (exc)
linux linux_kernel From 6.13 (inc) to 6.16.6 (exc)
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is related to the Linux kernel's memory management on 32-bit ARM systems with CONFIG_HIGHPTE enabled. The function move_pages_pte() maps page table entries (PTE) using kmap_local_page(), which requires that pages be unmapped in Last-In-First-Out (LIFO) order. However, the existing code unmapped the pages in the same order they were mapped, violating the LIFO requirement. This causes a warning in the kernel and indicates improper handling of memory mappings. The fix reverses the unmap order to respect the LIFO requirement.

Impact Analysis

The improper unmapping order can cause warnings and potentially unstable behavior in the kernel's memory management on affected systems. While the description does not explicitly mention crashes or security breaches, violating the LIFO unmapping order can lead to memory corruption or kernel instability, which may affect system reliability and performance.

Detection Guidance

This vulnerability can be detected by monitoring the system logs for the specific warning message generated by the kernel: 'WARNING: CPU: ... kunmap_local_indexed+0x178/0x17c addr != __fix_to_virt(FIX_KMAP_BEGIN + idx)'. You can use the command 'dmesg | grep kunmap_local_indexed' or 'journalctl -k | grep kunmap_local_indexed' to search for this warning in the kernel logs.

Mitigation Strategies

The immediate mitigation is to update the Linux kernel to a version that includes the fix for this issue, which corrects the unmapping order to follow Last-In-First-Out (LIFO) as required by kmap_local_page(). Until the update is applied, monitoring for the warning message can help identify if the issue is occurring.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39899. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart