Linux Kernel Soft Lockup Vulnerability in Hugetlb Memory Management
CVE-2025-40153

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-40153?

A soft lockup was observed in the Linux kernel when the 'mprotect()' system call was used on large hugetlb memory areas, specifically around 300GB. The symptom was a CPU getting stuck for an extended period, which affected system performance. The root cause was that large memory areas were processed without a scheduling point, which could lead to prolonged processing times and unresponsive states. The kernel has since been updated to add scheduling points during memory protection adjustments for hugetlb, reducing the likelihood of system hang-ups.

Affected Version(s)

Linux 8f860591ffb29738cf5539b6fbf27f50dcdeb380 < 30498c44c2a0b20f6833ed7d8fc3df901507f760

Linux 8f860591ffb29738cf5539b6fbf27f50dcdeb380 < 5783485ab2be06be5312b26c8793526edc09123d

Linux 8f860591ffb29738cf5539b6fbf27f50dcdeb380 < 547e123e9d342a44c756446640ed847a8aeec611

Timeline

  • Vulnerability published

  • Vulnerability Reserved
