CVE-2025-40153
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm: hugetlb: avoid soft lockup when mprotect to large memory area

When calling mprotect() on a large hugetlb memory area in our customer's workload (~300GB hugetlb memory), a soft lockup was observed:

    watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]
    CPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7
    Hardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025
    pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : mte_clear_page_tags+0x14/0x24
    lr : mte_sync_tags+0x1c0/0x240
    sp : ffff80003150bb80
    x29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000
    x26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458
    x23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000
    x20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000
    x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
    x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
    x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c
    x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
    x5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000
    x2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000
    Call trace:
     mte_clear_page_tags+0x14/0x24
     set_huge_pte_at+0x25c/0x280
     hugetlb_change_protection+0x220/0x430
     change_protection+0x5c/0x8c
     mprotect_fixup+0x10c/0x294
     do_mprotect_pkey.constprop.0+0x2e0/0x3d4
     __arm64_sys_mprotect+0x24/0x44
     invoke_syscall+0x50/0x160
     el0_svc_common+0x48/0x144
     do_el0_svc+0x30/0xe0
     el0_svc+0x30/0xf0
     el0t_64_sync_handler+0xc4/0x148
     el0t_64_sync+0x1a4/0x1a8

The soft lockup is not triggered with THP or base pages because cond_resched() is called for each PMD size. Although this soft lockup was triggered by MTE, it should not be MTE specific. Other processing which takes a long time in the loop may trigger a soft lockup too. So add cond_resched() for hugetlb to avoid the soft lockup.
Meta Information
Published: 2025-11-12
Last Modified: 2025-11-12
Generated: 2026-05-07
AI Q&A: 2025-11-13
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor   Product        Version / Range
linux    linux_kernel   6.17-rc7
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's memory management subsystem when the mprotect() system call is used on a large hugetlb memory area (around 300GB). It causes a 'soft lockup', where a CPU gets stuck for an extended period (e.g., 23 seconds), leading to system unresponsiveness. The issue arises because the kernel does not yield the CPU during long processing loops in hugetlb memory protection changes, unlike other memory types. The fix involves adding a conditional reschedule call (cond_resched()) to prevent the CPU from being stuck.


How can this vulnerability impact me?

This vulnerability can cause a CPU core to become unresponsive for a significant time during memory protection changes on large hugetlb memory areas, leading to system performance degradation or temporary system hangs. This can affect workloads that use large hugetlb memory allocations, potentially causing delays or interruptions in service.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for soft lockup kernel warnings related to mprotect calls on large hugetlb memory areas. Specifically, look for kernel messages like 'watchdog: BUG: soft lockup - CPU#<num> stuck for <seconds>!'. You can check kernel logs using commands such as 'dmesg | grep -i "soft lockup"' or 'journalctl -k | grep -i "soft lockup"' (the pattern must be quoted, otherwise grep treats 'lockup' as a file name). Additionally, monitoring processes that call mprotect on large hugetlb memory regions (~300GB) may help identify triggering conditions.
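A small log scanner in the spirit of the grep commands above, added here as an example and not part of the BaseFortify page or of the kernel fix: it reads dmesg / journalctl -k text, parses each watchdog soft-lockup report, and flags those whose call trace passes through the hugetlb mprotect path (hugetlb_change_protection / set_huge_pte_at) shown in the description. The sample log is constructed; its first report mirrors the trace in the description and the second is an invented unrelated lockup for contrast.

```shell
#!/bin/sh
# Flag soft-lockup reports whose call trace runs through the hugetlb
# mprotect path (hugetlb_change_protection / set_huge_pte_at).
# Usage on a live system:  dmesg | find_hugetlb_softlockups
#                      or:  journalctl -k | find_hugetlb_softlockups
find_hugetlb_softlockups() {
    awk '
    function flush() {
        if (cpu != "")
            printf "cpu=%s stuck=%s task=%s hugetlb_mprotect=%s\n",
                   cpu, secs, task, (hit ? "yes" : "no")
        cpu = ""; secs = ""; task = ""; hit = 0
    }
    # A watchdog line opens a new report; its CPU number, stall length and
    # trailing [comm:pid] are parsed out of the line itself.
    /watchdog: BUG: soft lockup/ {
        flush()
        if (match($0, /CPU#[0-9]+/))        cpu  = substr($0, RSTART + 4, RLENGTH - 4)
        if (match($0, /stuck for [0-9]+s/)) secs = substr($0, RSTART + 10, RLENGTH - 10)
        t = $0; sub(/.*\[/, "", t); sub(/\].*/, "", t); task = t
        next
    }
    # Frames that follow the report decide whether it is the hugetlb path.
    cpu != "" && /(hugetlb_change_protection|set_huge_pte_at)[+]0x/ { hit = 1 }
    END { flush() }
    '
}

# Constructed sample (not a real capture): the first report mirrors the trace
# in the CVE description; the second is an unrelated lockup for contrast.
SAMPLE_LOG='[ 1234.567890] watchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]
[ 1234.567891] Call trace:
[ 1234.567892]  mte_clear_page_tags+0x14/0x24
[ 1234.567893]  set_huge_pte_at+0x25c/0x280
[ 1234.567894]  hugetlb_change_protection+0x220/0x430
[ 1234.567895]  change_protection+0x5c/0x8c
[ 1234.567896]  mprotect_fixup+0x10c/0x294
[ 1234.567897]  __arm64_sys_mprotect+0x24/0x44
[ 2345.000000] watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [kworker/3:1:77]
[ 2345.000001] Call trace:
[ 2345.000002]  some_other_function+0x10/0x20
[ 2345.000003]  worker_thread+0x40/0x60'

printf '%s\n' "$SAMPLE_LOG" | find_hugetlb_softlockups
```

A report marked hugetlb_mprotect=yes on an unpatched 6.17-rc7 kernel is the signature described on this page; a hit on some other trace is an ordinary soft lockup to be triaged separately.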


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version that includes the fix for this issue, which adds cond_resched() calls in the hugetlb mprotect path to avoid soft lockups. Until the patch is applied, avoid workloads that call mprotect() on very large hugetlb memory areas to prevent triggering the soft lockup. Monitoring and limiting the size of hugetlb memory areas used by applications can also reduce risk.

