CVE-2025-40218: DAMON Infinite Loop Vulnerability Patched in Linux Kernel

Overview

CVE-2025-40218 describes a vulnerability in the Linux kernel’s DAMON (Data Access Monitoring) subsystem. Specifically, the issue resided in the virtual address space operation set implementation (vaddr) of DAMON. An infinite loop could occur during page table walks when `pte_offset_map_lock()` continuously failed due to a pmd migration entry. This could lead to a soft lockup, particularly when CPU hotplugging and DAMON were running concurrently. A patch has been implemented to prevent this infinite loop by avoiding retries of the page table walk in case of failure.

Technical Details

The DAMON vaddr implementation calls `pte_offset_map_lock()` from its page table walk callback in order to read and write the page table accessed bits. If `pte_offset_map_lock()` fails, the callback sets the walk action to `ACTION_AGAIN`, which makes the walker retry the same entry. However, if the target is a pmd migration entry, `pte_offset_map_lock()` keeps failing for as long as the migration has not completed, and the walk keeps retrying.

This repeated failure resulted in an infinite loop within the page table walk, leading to a soft lockup. The vulnerability manifested when DAMON operations coincided with CPU hotplugging.

The fix implemented simply stops retrying the page table walk if `pte_offset_map_lock()` fails. Given that DAMON aims for best-effort accuracy, missing access information for pages in this specific scenario is acceptable.
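The following is an added, user-space model of the retry loop described above; it is not the kernel's code and it is not the patch. Only `ACTION_AGAIN` and the behaviour it triggers (re-walking the same entry) come from the kernel; `pmd_model`, `model_pte_offset_map_lock()`, `walk_pmd_range()` and the two `mkold_pmd_entry_*` callbacks are this model's own stand-ins. A retry budget plays the role of the soft lockup watchdog so that the vulnerable variant terminates instead of spinning; the fixed variant skips the entry it cannot lock and finishes the walk.

```c
/* Added example: a user-space model of the DAMON vaddr retry bug and its fix.
 * Not kernel code. ACTION_AGAIN is the kernel's name; everything else is a
 * constructed stand-in for the purpose of illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum walk_action { ACTION_CONTINUE = 0, ACTION_AGAIN = 1 };

/* Model of one pmd entry: either a normal page table or a pmd migration entry
 * (constructed; the kernel decodes this from the pmd bits). */
struct pmd_model {
    bool is_migration_entry;
    bool accessed;            /* stands in for the PTE accessed bit */
};

struct walk_state {
    enum walk_action action;
    int pages_checked;        /* entries whose accessed bit was handled */
    int pages_skipped;        /* entries skipped because the lock failed */
};

struct walk_result {
    int retries;              /* -1 if the retry budget was exhausted */
    int pages_checked;
    int pages_skipped;
};

/* Stand-in for pte_offset_map_lock(): returns NULL (failure) while the pmd is
 * a migration entry. In the bug scenario the migration does not complete
 * during the walk, so the failure is permanent from the walker's point of view. */
static bool *model_pte_offset_map_lock(struct pmd_model *pmd)
{
    return pmd->is_migration_entry ? NULL : &pmd->accessed;
}

typedef int (*pmd_entry_fn)(struct pmd_model *pmd, struct walk_state *walk);

/* Vulnerable callback: asks the walker to retry whenever the lock fails. */
static int mkold_pmd_entry_vulnerable(struct pmd_model *pmd, struct walk_state *walk)
{
    bool *pte = model_pte_offset_map_lock(pmd);
    if (!pte) {
        walk->action = ACTION_AGAIN;    /* retry the same entry */
        return 0;
    }
    *pte = false;                       /* clear the accessed bit ("mkold") */
    walk->pages_checked++;
    return 0;
}

/* Fixed callback: give up on this entry and move on (best-effort monitoring). */
static int mkold_pmd_entry_fixed(struct pmd_model *pmd, struct walk_state *walk)
{
    bool *pte = model_pte_offset_map_lock(pmd);
    if (!pte) {
        walk->pages_skipped++;          /* no retry: accept missing data */
        return 0;
    }
    *pte = false;
    walk->pages_checked++;
    return 0;
}

/* Model of the page walk driver: re-invokes the callback on the same entry
 * while it asks for ACTION_AGAIN. The retry budget stands in for the soft
 * lockup watchdog; exceeding it is reported as -1. */
static int walk_pmd_range(struct pmd_model *pmds, size_t n, pmd_entry_fn cb,
                          struct walk_state *walk, int retry_budget)
{
    int retries = 0;
    for (size_t i = 0; i < n; i++) {
        do {
            walk->action = ACTION_CONTINUE;
            cb(&pmds[i], walk);
            if (walk->action == ACTION_AGAIN && ++retries > retry_budget)
                return -1;              /* would have spun forever */
        } while (walk->action == ACTION_AGAIN);
    }
    return retries;
}

/* Runs one variant over a constructed range: two normal pmds around one
 * migration entry that never resolves during the walk. */
static struct walk_result run_variant(pmd_entry_fn cb)
{
    struct pmd_model pmds[] = { {false, true}, {true, true}, {false, true} };
    struct walk_state walk = { ACTION_CONTINUE, 0, 0 };
    struct walk_result r;
    r.retries = walk_pmd_range(pmds, 3, cb, &walk, 1000);
    r.pages_checked = walk.pages_checked;
    r.pages_skipped = walk.pages_skipped;
    return r;
}

struct walk_result run_vulnerable(void) { return run_variant(mkold_pmd_entry_vulnerable); }
struct walk_result run_fixed(void)      { return run_variant(mkold_pmd_entry_fixed); }

int main(void)
{
    struct walk_result v = run_vulnerable(), f = run_fixed();
    printf("vulnerable: retries=%d checked=%d skipped=%d\n", v.retries, v.pages_checked, v.pages_skipped);
    printf("fixed:      retries=%d checked=%d skipped=%d\n", f.retries, f.pages_checked, f.pages_skipped);
    return 0;
}
```

The vulnerable walk exhausts its budget on the migration entry and never reaches the third pmd, which is the modelled soft lockup; the fixed walk records one skipped entry and completes, matching the best-effort trade-off the patch makes.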

CVSS Analysis

A CVSS score is not available for this vulnerability, as it may not be considered a direct security risk but rather a stability issue. It is more about preventing a system hang (soft lockup) than unauthorized access or data compromise.

Severity: N/A

Possible Impact

The primary impact of this vulnerability is a soft lockup within the Linux kernel. This can lead to system unresponsiveness and potentially require a reboot to restore normal operation. The likelihood of triggering the vulnerability increases when DAMON is used in conjunction with CPU hotplugging or other memory management intensive operations.

Mitigation or Patch Steps

The vulnerability is resolved by a patch that modifies the DAMON vaddr implementation to avoid retrying the page table walk when `pte_offset_map_lock()` fails. Users are advised to update their Linux kernel to a version containing the fix. Check your distribution’s security advisories for specific patch information and kernel versions.

The fix is available in the following kernel commits (and likely backported to stable kernel branches):

References

  • CVE ID: CVE-2025-40218
  • Published: 2025-12-04T15:15:57.643

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
