CVE-2025-40245
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nios2: ensure that memblock.current_limit is set when setting pfn limits On nios2, with CONFIG_FLATMEM set, the kernel relies on memblock_get_current_limit() to determine the limits of mem_map, in particular for max_low_pfn. Unfortunately, memblock.current_limit is only default initialized to MEMBLOCK_ALLOC_ANYWHERE at this point of the bootup, potentially leading to situations where max_low_pfn can erroneously exceed the value of max_pfn and, thus, the valid range of available DRAM. This can in turn cause kernel-level paging failures, e.g.: [ 76.900000] Unable to handle kernel paging request at virtual address 20303000 [ 76.900000] ea = c0080890, ra = c000462c, cause = 14 [ 76.900000] Kernel panic - not syncing: Oops [ 76.900000] ---[ end Kernel panic - not syncing: Oops ]--- This patch fixes this by pre-calculating memblock.current_limit based on the upper limits of the available memory ranges via adjust_lowmem_bounds, a simplified version of the equivalent implementation within the arm architecture.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40245
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the patch fixing the memblock.current_limit initialization issue on nios2 with CONFIG_FLATMEM. This patch ensures correct calculation of memory limits to prevent kernel paging failures.

Executive Summary

This vulnerability occurs in the Linux kernel on the nios2 architecture with CONFIG_FLATMEM set. The kernel relies on memblock.current_limit to determine memory map limits, but memblock.current_limit is only default initialized early in boot, which can cause the maximum low page frame number (max_low_pfn) to exceed the maximum page frame number (max_pfn) and the valid DRAM range. This can lead to kernel-level paging failures and kernel panics.

Impact Analysis

This vulnerability can cause kernel paging failures resulting in kernel panics, which means the system can crash and become unstable or unusable. This can lead to downtime and potential data loss or corruption.

Detection Guidance

This vulnerability can be detected by monitoring kernel logs for paging failures or kernel panics related to memory management on nios2 architecture with CONFIG_FLATMEM set. Specifically, look for messages such as 'Unable to handle kernel paging request at virtual address' and 'Kernel panic - not syncing: Oops'. You can check kernel logs using commands like 'dmesg | grep -i panic' or 'journalctl -k | grep -i paging'.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40245. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart