CVE-2025-68231
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/mempool: fix poisoning order>0 pages with HIGHMEM

The kernel test has reported:

  BUG: unable to handle page fault for address: fffba000
  #PF: supervisor write access in kernel mode
  #PF: error_code(0x0002) - not-present page
  *pde = 03171067 *pte = 00000000
  Oops: Oops: 0002 [#1]
  CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca
  Tainted: [T]=RANDSTRUCT
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
  EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)
  Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 2e e9 73 41 01 00 90 90 90 3e 8d 74 26 00 55 89 e5 57 56 89 c6 89 d0 89 f7 <f3> aa 89 f0 5e 5f 5d 2e e9 53 41 01 00 cc cc cc 55 89 e5 53 57 56
  EAX: 0000006b EBX: 00000015 ECX: 001fefff EDX: 0000006b
  ESI: fffb9000 EDI: fffba000 EBP: c611fbf0 ESP: c611fbe8
  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010287
  CR0: 80050033 CR2: fffba000 CR3: 0316e000 CR4: 00040690
  Call Trace:
    poison_element (mm/mempool.c:83 mm/mempool.c:102)
    mempool_init_node (mm/mempool.c:142 mm/mempool.c:226)
    mempool_init_noprof (mm/mempool.c:250 (discriminator 1))
    ? mempool_alloc_pages (mm/mempool.c:640)
    bio_integrity_initfn (block/bio-integrity.c:483 (discriminator 8))
    ? mempool_alloc_pages (mm/mempool.c:640)
    do_one_initcall (init/main.c:1283)

Christoph found out this is due to the poisoning code not dealing properly with CONFIG_HIGHMEM because only the first page is mapped but then the whole potentially high-order page is accessed.

We could give up on HIGHMEM here, but it's straightforward to fix this with a loop that's mapping, poisoning or checking and unmapping individual pages.

Meta Information
Published: 2025-12-16
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: 6.18.0-rc2

CWE ID: CWE-UNKNOWN

AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for kernel oops messages related to page faults and memory poisoning errors, specifically messages like 'BUG: unable to handle page fault for address: fffba000' and call traces involving mempool functions such as poison_element and mempool_init_node. These messages appear only after the fault has actually been hit, so a clean log does not show that a kernel carries the fix. Checking the kernel logs (e.g., using 'dmesg' or 'journalctl -k') for such oops messages can help identify if the system is affected. Example commands to detect this include: 'dmesg | grep -i "BUG: unable to handle page fault"' or 'journalctl -k | grep mempool'.
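
The two grep commands above match any page fault or any mention of mempool. The script below is an added example, not part of the original page or of the kernel project: it reports only oopses that combine a supervisor write fault with poison_element in the call trace. The function names, the sample timestamps and the second oops are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads kernel log text on stdin and prints the faulting
# address of each oops that is both a supervisor write page fault and has
# poison_element in its call trace (the signature in the CVE description).
# Exit status: 0 if at least one oops matched, 1 if none did.
scan_mempool_poison_oops() {
    awk '
    function report() {
        if (in_oops && wr && poison) { print addr; hits++ }
        in_oops = 0
    }
    /BUG: unable to handle page fault for address:/ {
        report()    # close a previous oops that had no end marker
        in_oops = 1; addr = $NF; wr = 0; poison = 0
        next
    }
    in_oops && /PF: supervisor write access/ { wr = 1 }
    in_oops && /poison_element/              { poison = 1 }
    in_oops && /---\[ end trace/             { report() }
    END { report(); exit (hits ? 0 : 1) }
    '
}

# Constructed sample log: the first oops reuses lines from the CVE text, the
# second is an invented, unrelated read fault (hypothetical function name).
sample_log() {
    cat <<'EOF'
[    1.000000] BUG: unable to handle page fault for address: fffba000
[    1.000001] #PF: supervisor write access in kernel mode
[    1.000002] #PF: error_code(0x0002) - not-present page
[    1.000003] Call Trace:
[    1.000004]  poison_element (mm/mempool.c:83 mm/mempool.c:102)
[    1.000005]  mempool_init_node (mm/mempool.c:142 mm/mempool.c:226)
[    1.000006] ---[ end trace 0000000000000000 ]---
[    9.000000] BUG: unable to handle page fault for address: deadb000
[    9.000001] #PF: supervisor read access in kernel mode
[    9.000002] Call Trace:
[    9.000003]  example_driver_probe (hypothetical)
[    9.000004] ---[ end trace 0000000000000000 ]---
EOF
}

# Live use:  dmesg | scan_mempool_poison_oops
sample_log | scan_mempool_poison_oops
```

A match means the fault path described in the advisory has already executed on that host; it is not a substitute for checking the kernel version against the fix.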


Can you explain this vulnerability to me?

This vulnerability in the Linux kernel relates to the memory pool (mempool) subsystem, specifically how it handles poisoning of high-order pages when CONFIG_HIGHMEM is enabled. The poisoning code does not properly manage pages beyond the first one in a high-order allocation, leading to a kernel page fault and an 'Oops' error due to supervisor write access on a not-present page. The issue arises because only the first page is mapped, but the code attempts to access the entire high-order page, causing a fault. The fix involves iterating over individual pages to map, poison, check, and unmap them properly.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash or become unstable due to a page fault triggered by improper handling of high-order memory pages. This can lead to system crashes (kernel oops), potentially causing downtime or data loss on affected systems running the vulnerable kernel version.


What immediate steps should I take to mitigate this vulnerability?

Apply the Linux kernel patch 'mm/mempool: fix poisoning order>0 pages with HIGHMEM', which corrects the improper handling of HIGHMEM pages during poisoning in the mm/mempool subsystem. In practice this means updating your kernel to a version that includes the fix. Avoid using kernels with the vulnerable code until patched.

