CVE-2025-40230: Linux Kernel Panic When Handling THP Memory Errors

Overview

CVE-2025-40230 is a vulnerability in the Linux kernel that can cause a kernel panic when handling memory errors within Transparent Huge Pages (THPs). This occurs specifically on x86 servers when memory error injection is performed on a THP mapped to userspace. Instead of the expected behavior of terminating the affected process, the kernel crashes, leading to a denial-of-service condition.

Technical Details

The root cause of the panic lies in how the kernel handles the Machine Check Exception (#MC) raised when a memory failure hits a userspace-mapped THP. Handling the failure involves splitting the THP. During the split, `try_to_map_unused_to_zeropage()` scans the THP's subpages to find zero-filled ones that can be mapped to the shared zeropage. That scan re-reads the subpages from kernel context, poisoned ones included, so it raises a second, in-kernel #MC *before* the initial `memory_failure()` has completed, and the kernel panics. The critical steps are outlined below:

  1. A hardware-poisoned THP is accessed in userspace, triggering the initial #MC. Ideally, this should be handled by terminating the process.
  2. `memory_failure()` is called.
  3. The THP splitting process begins with `__folio_split()`.
  4. During the split, `try_to_map_unused_to_zeropage()` attempts to map unused pages to the zeropage.
  5. `memchr_inv()` is used to re-access pages in the hardware-poisoned THP within the kernel.
  6. This re-access triggers a second, in-kernel #MC, resulting in a kernel panic.

The vulnerability is resolved by preventing access to poisoned pages during the zeropage identification step. With the fix, only non-poisoned pages are scanned as zeropage candidates, so the second in-kernel #MC can no longer occur and the failure is contained to the affected process.
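To make the two behaviours concrete, here is a constructed user-space model added for this write-up; it is not the kernel's code or the upstream fix. It shrinks a THP to a handful of subpages with a per-subpage poison flag, probes them for zero content the way step 5 does (with an in-kernel read of a poisoned subpage standing in for the second #MC of step 6), and contrasts that with a scan that skips poisoned subpages first. All names, sizes and the `hwpoisoned` flag are assumptions of the model.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed user-space model of the split path described above, not
 * kernel code. A THP is shrunk to NR_SUBPAGES small subpages. */
#define SUBPAGE_SIZE 64
#define NR_SUBPAGES  8
struct subpage {
    unsigned char data[SUBPAGE_SIZE];
    bool hwpoisoned;   /* stands in for PageHWPoison() on this subpage */
};
struct thp { struct subpage sub[NR_SUBPAGES]; };

/* Models the in-kernel read of step 5: memchr_inv(p, 0, len) == NULL means
 * the page is all zero. Reading a poisoned subpage is the second #MC of
 * step 6; here it sets *mce instead of panicking. */
static bool kernel_probe_zero(const struct subpage *sp, bool *mce)
{
    static const unsigned char zeros[SUBPAGE_SIZE];
    if (sp->hwpoisoned) { *mce = true; return false; }
    return memcmp(sp->data, zeros, SUBPAGE_SIZE) == 0;
}

/* Pre-fix behaviour: every subpage is probed, poisoned ones included.
 * Returns the count of zero subpages, or -1 once the probe hits poison. */
int scan_unused_unfixed(const struct thp *t)
{
    bool mce = false; int zero = 0;
    for (int i = 0; i < NR_SUBPAGES && !mce; i++)
        if (kernel_probe_zero(&t->sub[i], &mce)) zero++;
    return mce ? -1 : zero;
}

/* Fixed behaviour: poisoned subpages are skipped before any read, so the
 * second #MC cannot happen (they are not zeropage candidates anyway). */
int scan_unused_fixed(const struct thp *t)
{
    bool mce = false; int zero = 0;
    for (int i = 0; i < NR_SUBPAGES; i++) {
        if (t->sub[i].hwpoisoned) continue;
        if (kernel_probe_zero(&t->sub[i], &mce)) zero++;
    }
    return mce ? -1 : zero;
}

/* Constructed sample: subpage 2 holds data, subpage 5 is poisoned. */
void build_sample(struct thp *t)
{
    memset(t, 0, sizeof(*t));
    t->sub[2].data[0] = 0x41;
    t->sub[5].hwpoisoned = true;
}
```

On the sample THP the unfixed scan reports the in-kernel machine check, while the fixed scan returns the six zero subpages and never touches the poisoned one.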

CVSS Analysis

A CVSS score is not currently available (N/A) for this CVE. However, the impact of a kernel panic suggests a high potential severity due to the possibility of denial of service.

Possible Impact

The primary impact of CVE-2025-40230 is a kernel panic, leading to a system crash and potential denial of service. This can disrupt critical services and require system restarts, resulting in downtime and, in some scenarios, data loss. Although the memory error originates in a userspace mapping, the vulnerability escalates it from a process-level fault into a kernel-level crash, which is why this fix matters.

Mitigation and Patch Steps

The vulnerability is resolved in the Linux kernel through specific commits. To mitigate the risk, it is highly recommended to apply the relevant patches or upgrade to a kernel version that includes the fix. The following are the key commits that address this issue:

Consult your Linux distribution’s security advisories for specific instructions on applying the patches. Regularly updating your kernel is crucial for maintaining system security.

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.