Memory Allocation Flaw in Linux Kernel Affects XFS Functionality

CVE-2025-39910

What is CVE-2025-39910?

A critical memory allocation vulnerability in the Linux kernel exists where the functions kasan_populate_vmalloc() and its helpers fail to respect the caller's gfp_mask. Instead, they always allocate memory using the hardcoded GFP_KERNEL flag. This inconsistency with vmalloc, which has been enhanced to handle GFP_NOFS and GFP_NOIO allocations, could lead to significant issues. Notably, page table allocations made during shadow population also overlook the external gfp_mask. This oversight risks deadlock situations, particularly when the XFS filesystem calls vmalloc with GFP_NOFS. The recent update addresses this vulnerability by extending kasan_populate_vmalloc() to accept an appropriate gfp_mask and implementing necessary changes to enforce the intended semantics of memory allocation.

References