CVE-2025-39836

16.09.2025, 14:15

In the Linux kernel, the following vulnerability has been resolved:

efi: stmm: Fix incorrect buffer allocation method

The communication buffer allocated by setup_mm_hdr() is later on passed
to tee_shm_register_kernel_buf(). The latter expects those buffers to be
contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause
various corruptions or BUGs, specifically since commit 9aec2fb0fd5e
("slab: allocate frozen pages"), though it was broken before as well.

Fix this by using alloc_pages_exact() instead of kmalloc().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	6.16.7-1 fixed

References

https://git.kernel.org/stable/c/630c0e6064daf84f17aad1a7d9ca76b562e3fe47

https://git.kernel.org/stable/c/77ff27ff0e4529a003c8a1c2492c111968c378d3

https://git.kernel.org/stable/c/c5e81e672699e0c5557b2b755cc8f7a69aa92bff