CVE-2025-39700

Source: https://nvd.nist.gov/vuln/detail/CVE-2025-39700
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39700.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2025-39700
Published: 2025-09-05T17:21:06Z
Modified: 2025-10-22T15:25:51.237336Z
Summary
mm/damon/ops-common: ignore migration request to invalid nodes
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/ops-common: ignore migration request to invalid nodes

damon_migrate_pages() tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOS_MIGRATE_{HOT,COLD} action, the below kernel BUG can happen.

[ 7831.883495] BUG: unable to handle page fault for address: 0000000000001f48
[ 7831.884160] #PF: supervisor read access in kernel mode
[ 7831.884681] #PF: error_code(0x0000) - not-present page
[ 7831.885203] PGD 0 P4D 0
[ 7831.885468] Oops: Oops: 0000 [#1] SMP PTI
[ 7831.885852] CPU: 31 UID: 0 PID: 94202 Comm: kdamond.0 Not tainted 6.16.0-rc5-mm-new-damon+ #93 PREEMPT(voluntary)
[ 7831.886913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.el9 04/01/2014
[ 7831.887777] RIP: 0010:__alloc_frozen_pages_noprof (include/linux/mmzone.h:1724 include/linux/mmzone.h:1750 mm/page_alloc.c:4936 mm/page_alloc.c:5137)
[...]
[ 7831.895953] Call Trace:
[ 7831.896195]  <TASK>
[ 7831.896397] __folio_alloc_noprof (mm/page_alloc.c:5183 mm/page_alloc.c:5192)
[ 7831.896787] migrate_pages_batch (mm/migrate.c:1189 mm/migrate.c:1851)
[ 7831.897228] ? __pfx_alloc_migration_target (mm/migrate.c:2137)
[ 7831.897735] migrate_pages (mm/migrate.c:2078)
[ 7831.898141] ? __pfx_alloc_migration_target (mm/migrate.c:2137)
[ 7831.898664] damon_migrate_folio_list (mm/damon/ops-common.c:321 mm/damon/ops-common.c:354)
[ 7831.899140] damon_migrate_pages (mm/damon/ops-common.c:405)
[...]

Add a target node validity check in damon_migrate_pages(). The validity check is stolen from that of do_pages_move(), which is being used for the move_pages() system call.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: b51820ebea656be3b48bb16dcdc5ad3f203c4fd7
  Fixed: 7c303fa1f311aadc17fa82b7bbf776412adf45de

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: b51820ebea656be3b48bb16dcdc5ad3f203c4fd7
  Fixed: 9d0c2d15aff96746f99a7c97221bb8ce5b62db19

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: b51820ebea656be3b48bb16dcdc5ad3f203c4fd7
  Fixed: 7e6c3130690a01076efdf45aa02ba5d5c16849a0

Affected versions

v6.*

v6.10
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 6.11.0
  Fixed: 6.12.44

Type: ECOSYSTEM
Events:
  Introduced: 6.13.0
  Fixed: 6.16.4