CVE-2025-39700

{"id": "CVE-2025-39700", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-05T18:15:47.003", "references": [{"url": "https://git.kernel.org/stable/c/7c303fa1f311aadc17fa82b7bbf776412adf45de", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7e6c3130690a01076efdf45aa02ba5d5c16849a0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9d0c2d15aff96746f99a7c97221bb8ce5b62db19", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/ops-common: ignore migration request to invalid nodes\n\ndamon_migrate_pages() tries migration even if the target node is invalid. \nIf users mistakenly make such invalid requests via\nDAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.\n\n [ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48\n [ 7831.884160] #PF: supervisor read access in kernel mode\n [ 7831.884681] #PF: error_code(0x0000) - not-present page\n [ 7831.885203] PGD 0 P4D 0\n [ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI\n [ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)\n [ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014\n [ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)\n [...]\n [ 7831.895953] Call Trace:\n [ 7831.896195] <TASK>\n [ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)\n [ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)\n [ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n [ 7831.897735] migrate_pages (mm/migrate.c:2078)\n [ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)\n [ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)\n [ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)\n [...]\n\nAdd a target node validity check in damon_migrate_pages(). The validity\ncheck is stolen from that of do_pages_move(), which is being used for the\nmove_pages() system call."}], "lastModified": "2025-11-25T21:15:03.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A835B07F-2D84-4B25-9428-AA9A65B8D91F", "versionEndExcluding": "6.12.44", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC28995-B8C3-4B68-8CB6-78E792B6629D", "versionEndExcluding": "6.16.4", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}