ACPI Vulnerability in Linux Kernel Affects User-Space Processes

CVE-2025-39763

What is CVE-2025-39763?

A vulnerability in the Linux kernel's ACPI subsystem affects the handling of synchronous memory errors triggered by user-space processes. When a 2-bit uncorrected error occurs, the kernel attempts to manage the situation by queuing a memory_failure() task to poison and unmap the problematic memory page. However, if an abnormal synchronous error arises—such as those from invalid addresses or unsupported configurations—the kernel fails to queue this task, causing the user-space process to repeatedly trigger an error that may lead to a kernel hard lockup or system reboot. The recommended fix involves implementing a force kill mechanism when no task is queued to prevent this loop from occurring.

References