CVE-2025-68248
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

vmw_balloon: indicate success when effectively deflating during migration

When migrating a balloon page, we first deflate the old page to then inflate the new page.

However, if inflating the new page succeeded, we effectively deflated the old page, reducing the balloon size.

In that case, the migration actually worked: similar to migrating + immediately deflating the new page. The old page will be freed back to the buddy.

Right now, the core will leave the page be marked as isolated (as we returned an error). When later trying to putback that page, we will run into the WARN_ON_ONCE() in balloon_page_putback().

That handling was changed in commit 3544c4faccb8 ("mm/balloon_compaction: stop using __ClearPageMovable()"); before that change, we would have tolerated that way of handling it.

To fix it, let's just return 0 in that case, making the core effectively just clear the "isolated" flag + freeing it back to the buddy as if the migration succeeded. Note that the new page will also get freed when the core puts the last reference.

Note that this also makes it all be more consistent: we will no longer unisolate the page in the balloon driver while keeping it marked as being isolated in migration core.

This was found by code inspection.
Meta Information

Published: 2025-12-16
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products

Showing 1 associated CPE

Vendor | Product | Version / Range
linux | kernel | *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's vmw_balloon driver during memory page migration. When migrating a balloon page, the old page is deflated before inflating the new page. If inflating the new page succeeds, the old page is effectively deflated and should be freed. However, due to an error return, the old page remains marked as isolated, causing a warning when the system later tries to put the page back. The fix changes the code to return success (0) in this case, allowing the page to be properly freed and avoiding inconsistent page isolation states.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to incorrectly handle memory pages during balloon page migration, leading to pages remaining marked as isolated and triggering warnings (WARN_ON_ONCE) in the kernel. This could potentially result in inefficient memory management or instability related to balloon memory operations during migration.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that fixes the handling of balloon page migration in the Linux kernel, specifically the change that returns 0 when effectively deflating during migration, so that pages are no longer left isolated and no longer trigger the WARN_ON_ONCE() warning. This ensures the kernel properly frees pages and maintains consistency. Updating the Linux kernel to a version including this fix is the recommended mitigation.

