CVE-2025-40311

Linux Kernel - Denial of Service via vmalloc-backed Coherent Memory Mapping

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: support mapping cb with vmalloc-backed coherent memory When IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return addresses from the vmalloc range. If such an address is mapped without VM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the VM_PFNMAP restriction. Fix this by checking for vmalloc addresses and setting VM_MIXEDMAP in the VMA before mapping. This ensures safe mapping and avoids kernel crashes. The memory is still driver-allocated and cannot be accessed directly by userspace.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/7ec8ac9f73d4a9438c2186768d6de27ace37531e

Patch

https://git.kernel.org/stable/c/d1dfe21a332d38a6a09658ec29a55940afb5fe36

Patch

https://git.kernel.org/stable/c/73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9

Patch

https://git.kernel.org/stable/c/513024d5a0e34fd34247043f1876b6138ca52847

Scores

EPSS 0.0003

EPSS Percentile 8.4%

Details

Status published

Products (13)

linux/Kernel 5.8.0 - 6.6.117linux

linux/Kernel 6.13.0 - 6.17.8linux

linux/Kernel 6.7.0 - 6.12.58linux

Linux/Linux < 5.8

Linux/Linux 5.8

Linux/Linux 6.12.58 - 6.12.*

Linux/Linux 6.17.8 - 6.17.*

Linux/Linux 6.18

Linux/Linux 6.6.117 - 6.6.*

Linux/Linux ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 - 513024d5a0e34fd34247043f1876b6138ca52847

... and 3 more

Published Dec 08, 2025

Tracked Since Feb 18, 2026