{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68231","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T13:41:40.258Z","datePublished":"2025-12-16T13:57:23.712Z","dateUpdated":"2026-05-11T21:49:21.992Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:49:21.992Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempool: fix poisoning order>0 pages with HIGHMEM\n\nThe kernel test has reported:\n\n BUG: unable to handle page fault for address: fffba000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n *pde = 03171067 *pte = 00000000\n Oops: Oops: 0002 [#1]\n CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca\n Tainted: [T]=RANDSTRUCT\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)\n Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 2e e9 73 41 01 00 90 90 90 3e 8d 74 26 00 55 89 e5 57 56 89 c6 89 d0 89 f7 aa 89 f0 5e 5f 5d 2e e9 53 41 01 00 cc cc cc 55 89 e5 53 57 56\n EAX: 0000006b EBX: 00000015 ECX: 001fefff EDX: 0000006b\n ESI: fffb9000 EDI: fffba000 EBP: c611fbf0 ESP: c611fbe8\n DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010287\n CR0: 80050033 CR2: fffba000 CR3: 0316e000 CR4: 00040690\n Call Trace:\n poison_element (mm/mempool.c:83 mm/mempool.c:102)\n mempool_init_node (mm/mempool.c:142 mm/mempool.c:226)\n mempool_init_noprof (mm/mempool.c:250 (discriminator 1))\n ? mempool_alloc_pages (mm/mempool.c:640)\n bio_integrity_initfn (block/bio-integrity.c:483 (discriminator 8))\n ? mempool_alloc_pages (mm/mempool.c:640)\n do_one_initcall (init/main.c:1283)\n\nChristoph found out this is due to the poisoning code not dealing\nproperly with CONFIG_HIGHMEM because only the first page is mapped but\nthen the whole potentially high-order page is accessed.\n\nWe could give up on HIGHMEM here, but it's straightforward to fix this\nwith a loop that's mapping, poisoning or checking and unmapping\nindividual pages."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/mempool.c"],"versions":[{"version":"bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6","lessThan":"ea4131665107e66ece90e66bcec1a2f1246cbd41","status":"affected","versionType":"git"},{"version":"bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6","lessThan":"19de79aaea33ee1ea058c8711b3b2b4a7e4decd4","status":"affected","versionType":"git"},{"version":"bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6","lessThan":"6a13b56537e7b0d97f4bb74e8038ce471f9770d7","status":"affected","versionType":"git"},{"version":"bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6","lessThan":"a79e49e1704367b635edad1479db23d7cf1fb71a","status":"affected","versionType":"git"},{"version":"bdfedb76f4f5aa5e37380e3b71adee4a39f30fc6","lessThan":"ec33b59542d96830e3c89845ff833cf7b25ef172","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/mempool.c"],"versions":[{"version":"4.1","status":"affected"},{"version":"0","lessThan":"4.1","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.118","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.60","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.10","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"6.6.118"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"6.12.60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"6.17.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ea4131665107e66ece90e66bcec1a2f1246cbd41"},{"url":"https://git.kernel.org/stable/c/19de79aaea33ee1ea058c8711b3b2b4a7e4decd4"},{"url":"https://git.kernel.org/stable/c/6a13b56537e7b0d97f4bb74e8038ce471f9770d7"},{"url":"https://git.kernel.org/stable/c/a79e49e1704367b635edad1479db23d7cf1fb71a"},{"url":"https://git.kernel.org/stable/c/ec33b59542d96830e3c89845ff833cf7b25ef172"}],"title":"mm/mempool: fix poisoning order>0 pages with HIGHMEM","x_generator":{"engine":"bippy-1.2.0"}}}}