CVE-2025-39836
EUVD-2025-29578
16.09.2025, 14:15
In the Linux kernel, the following vulnerability has been resolved:
efi: stmm: Fix incorrect buffer allocation method
The communication buffer allocated by setup_mm_hdr() is later on passed
to tee_shm_register_kernel_buf(). The latter expects those buffers to be
contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause
various corruptions or BUGs, specifically since commit 9aec2fb0fd5e
("slab: allocate frozen pages"), though it was broken before as well.
Fix this by using alloc_pages_exact() instead of kmalloc().
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 6.8 ≤ 𝑥 < 6.12.45 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.16.5 |
| linux | linux_kernel | 6.17:rc1 |
| linux | linux_kernel | 6.17:rc2 |
| linux | linux_kernel | 6.17:rc3 |
𝑥 = Vulnerable software versions
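As an added example (not part of the original entry or of the kernel fix), the following Python code checks a `uname -r` style release string against the upstream ranges in the table above. The function names `parse_release` and `in_affected_range` and the sample release strings are assumptions made for this example.

```python
import platform
import re

# Upstream ranges from the "Affected Products (NVD)" table:
# (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [((6, 8, 0), (6, 12, 45)), ((6, 13, 0), (6, 16, 5))]
# Release candidates the table lists one by one: 6.17 rc1, rc2, rc3.
AFFECTED_RCS = {(6, 17, 1), (6, 17, 2), (6, 17, 3)}

# Leading "major.minor[.patch][-rcN]" of a `uname -r` style string.
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Return ((major, minor, patch), rc_or_None) for a kernel release string."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else None
    return (major, minor, patch), rc


def in_affected_range(release):
    """True if the upstream version part of `release` is listed as affected."""
    (major, minor, patch), rc = parse_release(release)
    if rc is not None:
        # A pre-release only matches if the table names that exact rc.
        return patch == 0 and (major, minor, rc) in AFFECTED_RCS
    return any(lo <= (major, minor, patch) < hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample strings, followed by the running kernel.
    for rel in ["6.8.0-31-generic", "6.12.45", "6.16.4-1-default",
                "6.17.0-rc3", "6.17.0-rc4", platform.release()]:
        try:
            print(f"{rel}: {'in range' if in_affected_range(rel) else 'not in range'}")
        except ValueError as exc:
            print(exc)
```

A match on the upstream version is only an indication: distribution kernels can carry the fix under an older version number, so the vendor's own advisory for the installed package decides.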
Debian Releases
openSUSE / SLES Releases
| openSUSE Product |
|---|
| kernel-64kb |
| kernel-azure |
| kernel-default |
| kernel-default-base |
| kernel-docs |
| kernel-macros |
| kernel-obs-build |
| kernel-source |
| kernel-source-azure |
| kernel-syms |
| kernel-syms-azure |
| kernel-zfcpdump |
Common Weakness Enumeration