CVE-2025-40311

Published: December 9, 2025Last modified: December 9, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: support mapping cb with vmalloc-backed coherent memory When IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return addresses from the vmalloc range. If such an address is mapped without VM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the VM_PFNMAP restriction. Fix this by checking for vmalloc addresses and setting VM_MIXEDMAP in the VMA before mapping. This ensures safe mapping and avoids kernel crashes. The memory is still driver-allocated and cannot be accessed directly by userspace.

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Vulnerable (6.1.158-r0)
	25 LTS	linux-lts	Fixed (6.12.58-r0)
	Stream	linux-lts	Fixed (6.12.58-r0)

References

https://git.kernel.org/stable/c/513024d5a0e34fd34247043f1876b6138ca52847
https://git.kernel.org/stable/c/73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9
https://git.kernel.org/stable/c/7ec8ac9f73d4a9438c2186768d6de27ace37531e
https://git.kernel.org/stable/c/d1dfe21a332d38a6a09658ec29a55940afb5fe36