CVE-2025-68737
Unknown Unknown - Not Provided
Memory Protection Bypass in Linux Kernel arm64 pageattr Component

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias too. Therefore, if such a call fails, we must abort set_memory_* and caller must take appropriate action; currently we are suppressing the error, and there is a real chance of such an error arising post commit a166563e7ec3 ("arm64: mm: support large block mapping when rodata=full"). Therefore, propagate any error to the caller.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68737
EUVD
EUVD-2025-205225
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's arm64 architecture where an error from the __change_memory_common function was not properly propagated. Specifically, when the security feature rodata=on requires memory regions to be set as read-only or execute-only, any failure in setting these protections on the linear map alias was being suppressed instead of causing an abort. This could lead to memory regions not being properly protected, potentially allowing unintended code execution or modification.

Impact Analysis

If the error in setting memory protections is suppressed, it could result in memory regions that are supposed to be read-only or execute-only remaining writable or executable. This can lead to security risks such as unauthorized code execution or modification of critical kernel memory, potentially compromising system integrity and security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68737. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart