Last-In-First-Out Ordering Vulnerability in Linux Kernel on 32-bit ARM

CVE-2025-39899

What is CVE-2025-39899?

A vulnerability has been identified in the Linux kernel related to the Last-In-First-Out (LIFO) ordering for kmap_local_page operations on 32-bit ARM systems. When the CONFIG_HIGHPTE option is enabled, the function move_pages_pte() maps Page Table Entries (PTE) but fails to unmap them in the correct LIFO sequence. This incorrect ordering leads to a warning in the kunmap_local_indexed function. To address this, it is essential that the unmap order is modified to comply with the LIFO requirement, aligning with several similar fixes aimed at ensuring proper mapping and unmapping sequences within kernel operations.

References