{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T12:56:19.928","vulnerabilities":[{"cve":{"id":"CVE-2025-37818","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-08T07:15:53.040","lastModified":"2025-11-12T21:34:55.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Return NULL from huge_pte_offset() for invalid PMD\n\nLoongArch's huge_pte_offset() currently returns a pointer to a PMD slot\neven if the underlying entry points to invalid_pte_table (indicating no\nmapping). Callers like smaps_hugetlb_range() fetch this invalid entry\nvalue (the address of invalid_pte_table) via this pointer.\n\nThe generic is_swap_pte() check then incorrectly identifies this address\nas a swap entry on LoongArch, because it satisfies the \"!pte_present()\n&& !pte_none()\" conditions. This misinterpretation, combined with a\ncoincidental match by is_migration_entry() on the address bits, leads to\nkernel crashes in pfn_swap_entry_to_page().\n\nFix this at the architecture level by modifying huge_pte_offset() to\ncheck the PMD entry's content using pmd_none() before returning. If the\nentry is invalid (i.e., it points to invalid_pte_table), return NULL\ninstead of the pointer to the slot."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: Devuelve NULL desde huge_pte_offset() para PMD no válido. La función huge_pte_offset() de LoongArch actualmente devuelve un puntero a una ranura PMD incluso si la entrada subyacente apunta a invalid_pte_table (lo que indica que no hay asignación). Llamadores como smaps_hugetlb_range() obtienen este valor de entrada no válido (la dirección de invalid_pte_table) a través de este puntero. La comprobación genérica is_swap_pte() identifica incorrectamente esta dirección como una entrada de intercambio en LoongArch, ya que cumple las condiciones \"!pte_present() && !pte_none()\". Esta interpretación errónea, combinada con una coincidencia de is_migration_entry() en los bits de dirección, provoca fallos del kernel en pfn_swap_entry_to_page(). Solucione esto a nivel de arquitectura modificando huge_pte_offset() para comprobar el contenido de la entrada PMD mediante pmd_none() antes de regresar. Si la entrada no es válida (es decir, apunta a invalid_pte_table), devuelva NULL en lugar del puntero a la ranura."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.136","matchCriteriaId":"54D706E5-D87D-49FD-A415-79D5B8364778"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.89","matchCriteriaId":"D79CE030-3114-45E0-B52B-C77781BCB587"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.26","matchCriteriaId":"22F52099-F422-4D19-8283-45F9F9BF4392"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.5","matchCriteriaId":"6B25CA7E-4CD0-46DB-B4EF-13A3516071FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*","matchCriteriaId":"13FC0DDE-E513-465E-9E81-515702D49B74"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2ca9380b12711afe95b3589bd82b59623b3c96b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/34256805720993e37adf6127371a1265aea8376a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/51424fd171cee6a33f01f7c66b8eb23ac42289d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b49f085cd671addbda4802d6b9382513f7dd0f30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bd51834d1cf65a2c801295d230c220aeebf87a73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}