{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68737","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.029Z","datePublished":"2025-12-24T12:09:35.773Z","dateUpdated":"2026-05-11T21:52:22.300Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:22.300Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64/pageattr: Propagate return value from __change_memory_common\n\nThe rodata=on security measure requires that any code path which does\nvmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias\ntoo. Therefore, if such a call fails, we must abort set_memory_* and caller\nmust take appropriate action; currently we are suppressing the error, and\nthere is a real chance of such an error arising post commit a166563e7ec3\n(\"arm64: mm: support large block mapping when rodata=full\"). Therefore,\npropagate any error to the caller."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm64/mm/pageattr.c"],"versions":[{"version":"a166563e7ec375b38a0fd3a58f7b77e50a6bc6a8","lessThan":"3e2fc1e57a5361633a4bf4222640c6bfe41ff8ea","status":"affected","versionType":"git"},{"version":"a166563e7ec375b38a0fd3a58f7b77e50a6bc6a8","lessThan":"e5efd56fa157d2e7d789949d1d64eccbac18a897","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm64/mm/pageattr.c"],"versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e2fc1e57a5361633a4bf4222640c6bfe41ff8ea"},{"url":"https://git.kernel.org/stable/c/e5efd56fa157d2e7d789949d1d64eccbac18a897"}],"title":"arm64/pageattr: Propagate return value from __change_memory_common","x_generator":{"engine":"bippy-1.2.0"}}}}