github - ghsa-m7p7-jwxv-mmf9

ghsa-m7p7-jwxv-mmf9

Vulnerability from github

Published

2025-11-12 12:30

Modified

2025-11-12 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Fix SMP ordering in switch_mm_irqs_off()

Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail to flush the TLBs.

[ dhansen: merge conflict fixed by Ingo ]

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40174"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T11:15:47Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix SMP ordering in switch_mm_irqs_off()\n\nStephen noted that it is possible to not have an smp_mb() between\nthe loaded_mm store and the tlb_gen load in switch_mm(), meaning the\nordering against flush_tlb_mm_range() goes out the window, and it\nbecomes possible for switch_mm() to not observe a recent tlb_gen\nupdate and fail to flush the TLBs.\n\n[ dhansen: merge conflict fixed by Ingo ]",
  "id": "GHSA-m7p7-jwxv-mmf9",
  "modified": "2025-11-12T12:30:28Z",
  "published": "2025-11-12T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40174"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83b0177a6c4889b3a6e865da5e21b2c9d97d0551"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-40174 (GCVE-0-2025-40174)

Vulnerability from cvelistv5

Published

2025-11-12 10:53

Modified

2025-11-12 10:53

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail to flush the TLBs. [ dhansen: merge conflict fixed by Ingo ]

References

URL

Tags

	https://git.kernel.org/stable/c/0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb
	https://git.kernel.org/stable/c/83b0177a6c4889b3a6e865da5e21b2c9d97d0551

Impacted products

Vendor

Product

Version

Version: 209954cbc7d0ce1a190fc725d20ce303d74d2680
Version: 209954cbc7d0ce1a190fc725d20ce303d74d2680

Version: 6.14

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/tlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb",
              "status": "affected",
              "version": "209954cbc7d0ce1a190fc725d20ce303d74d2680",
              "versionType": "git"
            },
            {
              "lessThan": "83b0177a6c4889b3a6e865da5e21b2c9d97d0551",
              "status": "affected",
              "version": "209954cbc7d0ce1a190fc725d20ce303d74d2680",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/tlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.5",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc2",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix SMP ordering in switch_mm_irqs_off()\n\nStephen noted that it is possible to not have an smp_mb() between\nthe loaded_mm store and the tlb_gen load in switch_mm(), meaning the\nordering against flush_tlb_mm_range() goes out the window, and it\nbecomes possible for switch_mm() to not observe a recent tlb_gen\nupdate and fail to flush the TLBs.\n\n[ dhansen: merge conflict fixed by Ingo ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-12T10:53:49.859Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0fe5e3f5fb75c5d88dad24dece3ee75e9d87adeb"
        },
        {
          "url": "https://git.kernel.org/stable/c/83b0177a6c4889b3a6e865da5e21b2c9d97d0551"
        }
      ],
      "title": "x86/mm: Fix SMP ordering in switch_mm_irqs_off()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40174",
    "datePublished": "2025-11-12T10:53:49.859Z",
    "dateReserved": "2025-04-16T07:20:57.177Z",
    "dateUpdated": "2025-11-12T10:53:49.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.