Linux kernel Vulnerability Affecting 32-bit Architectures
CVE-2025-40199

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40199?

A vulnerability in the Linux kernel affects 32-bit architectures, where the PP_MAGIC_MASK was incorrectly implemented, causing system crashes during boot on certain devices. The issue arises from misinterpretation of kernel pointers as page-pool tagged pages, leading to false positives that result in machine crashes. A recent patch addresses this by adjusting the definition of PP_DMA_INDEX_BITS, ensuring that the integrity of the page pool management system is maintained while preventing erroneous crashes. The fix's effectiveness relies on specific conditions related to kernel pointer assumptions.

Affected Version(s)

Linux 4f51fb0d257ff4d406ec27966902de075e3b118e < 15b8a5b4cdc16e9a8bb2a548e12a0fd92997605a

Linux ee62ce7a1d909ccba0399680a03c2dee83bcae95

Linux ee62ce7a1d909ccba0399680a03c2dee83bcae95 < 95920c2ed02bde551ab654e9749c2ca7bc3100e0

References

https://git.kernel.org/stable/c/15b8a5b4cdc16e9a8bb2a548e...

https://git.kernel.org/stable/c/f62934cea32c8f7b11b747975...

https://git.kernel.org/stable/c/95920c2ed02bde551ab654e97...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON