CVE-2025-40218
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. This is for reading and writing page table accessed bits. If pte_offset_map_lock() fails, it retries by returning the page table walk callback function with ACTION_AGAIN. pte_offset_map_lock() can continuously fail if the target is a pmd migration entry, though. Hence it could cause an infinite page table walk if the migration cannot be done until the page table walk is finished. This indeed caused a soft lockup when CPU hotplugging and DAMON were running in parallel. Avoid the infinite loop by simply not retrying the page table walk. DAMON is promising only a best-effort accuracy, so missing access to such pages is no problem.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40218
EUVD
EUVD-2025-201185
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's DAMON virtual address space operation set implementation. The function pte_offset_map_lock() is called during a page table walk to read and write page table accessed bits. If pte_offset_map_lock() fails, the code retries the operation. However, if the target is a pmd migration entry, pte_offset_map_lock() can continuously fail, causing an infinite loop in the page table walk. This infinite loop can lead to a soft lockup, especially when CPU hotplugging and DAMON run simultaneously. The fix avoids retrying the page table walk to prevent the infinite loop, accepting some loss in accuracy as DAMON only promises best-effort accuracy.

Impact Analysis

This vulnerability can cause a soft lockup in the system, which means the CPU can become unresponsive or stuck in an infinite loop during certain operations like CPU hotplugging when DAMON is running. This can degrade system stability and availability, potentially leading to downtime or requiring a system reboot to recover.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the issue in mm/damon/vaddr has been fixed. This update avoids the infinite loop caused by repeated pte_offset_map_lock() retries during page table walks. Since the vulnerability causes a soft lockup when CPU hotplugging and DAMON run in parallel, avoiding running these operations simultaneously until the patch is applied may reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40218. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart