{ "threat_severity" : "Moderate", "public_date" : "2025-12-16T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel (s390): Denial of service and data corruption due to improper page table updates", "id" : "2422662", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2422662" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-821", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ns390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP\nAs reported by Luiz Capitulino enabling HVO on s390 leads to reproducible\ncrashes. The problem is that kernel page tables are modified without\nflushing corresponding TLB entries.\nEven if it looks like the empty flush_tlb_all() implementation on s390 is\nthe problem, it is actually a different problem: on s390 it is not allowed\nto replace an active/valid page table entry with another valid page table\nentry without the detour over an invalid entry. A direct replacement may\nlead to random crashes and/or data corruption.\nIn order to invalidate an entry special instructions have to be used\n(e.g. ipte or idte). Alternatively there are also special instructions\navailable which allow to replace a valid entry with a different valid\nentry (e.g. crdte or cspg).\nGiven that the HVO code currently does not provide the hooks to allow for\nan implementation which is compliant with the s390 architecture\nrequirements, disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP again, which is\nbasically a revert of the original patch which enabled it.", "A flaw was found in the Linux kernel on the s390 architecture. A local user with low privileges could trigger a vulnerability by enabling ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP. This issue arises because kernel page table entries are modified without properly flushing the Translation Lookaside Buffer (TLB), which can lead to system crashes and potential data corruption. This could result in a denial of service." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-68179\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68179\nhttps://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68179-6ce9@gregkh/T" ], "name" : "CVE-2025-68179", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "lang" : "en:us" }, "csaw" : false }