CVE-2025-68179
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashes. The problem is that kernel page tables are modified without flushing corresponding TLB entries. Even if it looks like the empty flush_tlb_all() implementation on s390 is the problem, it is actually a different problem: on s390 it is not allowed to replace an active/valid page table entry with another valid page table entry without the detour over an invalid entry. A direct replacement may lead to random crashes and/or data corruption. In order to invalidate an entry special instructions have to be used (e.g. ipte or idte). Alternatively there are also special instructions available which allow to replace a valid entry with a different valid entry (e.g. crdte or cspg). Given that the HVO code currently does not provide the hooks to allow for an implementation which is compliant with the s390 architecture requirements, disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP again, which is basically a revert of the original patch which enabled it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68179
EUVD
EUVD-2025-203717
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel on the s390 architecture when enabling Huge Virtual Memory Optimization (HVO). It causes crashes because kernel page tables are modified without properly flushing the corresponding Translation Lookaside Buffer (TLB) entries. On s390, replacing an active page table entry directly with another valid entry without first invalidating it is not allowed and can lead to random crashes or data corruption. The vulnerability arises because the HVO code lacks the necessary hooks to comply with s390's requirements for safely replacing page table entries, leading to system instability.


How can this vulnerability impact me? :

This vulnerability can cause reproducible system crashes and potential data corruption on systems using the s390 architecture with the Linux kernel when HVO is enabled. This can lead to system instability, unexpected downtime, and possible loss or corruption of data.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to ensure that the Linux kernel on s390 architecture disables the ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP feature, effectively reverting the patch that enabled it. This prevents kernel page tables from being modified without proper TLB flushing, avoiding crashes and data corruption.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart