{"id":"CVE-2025-68248","summary":"vmw_balloon: indicate success when effectively deflating during migration","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmw_balloon: indicate success when effectively deflating during migration\n\nWhen migrating a balloon page, we first deflate the old page to then\ninflate the new page.\n\nHowever, if inflating the new page succeeded, we effectively deflated the\nold page, reducing the balloon size.\n\nIn that case, the migration actually worked: similar to migrating+\nimmediately deflating the new page.  The old page will be freed back to\nthe buddy.\n\nRight now, the core will leave the page be marked as isolated (as we\nreturned an error).  When later trying to putback that page, we will run\ninto the WARN_ON_ONCE() in balloon_page_putback().\n\nThat handling was changed in commit 3544c4faccb8 (\"mm/balloon_compaction:\nstop using __ClearPageMovable()\"); before that change, we would have\ntolerated that way of handling it.\n\nTo fix it, let's just return 0 in that case, making the core effectively\njust clear the \"isolated\" flag + freeing it back to the buddy as if the\nmigration succeeded.  Note that the new page will also get freed when the\ncore puts the last reference.\n\nNote that this also makes it all be more consistent: we will no longer\nunisolate the page in the balloon driver while keeping it marked as being\nisolated in migration core.\n\nThis was found by code inspection.","modified":"2026-04-02T13:03:27.408321Z","published":"2025-12-16T14:32:15.430Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68248.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4ba5a8a7faa647ada8eae61a36517cf369f5bbe4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aa05a044c5c2e147d726ac2fae1a97e0775eac11"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68248.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68248"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3544c4faccb8f0867bc65f8007ee70bfb5054305"},{"fixed":"aa05a044c5c2e147d726ac2fae1a97e0775eac11"},{"fixed":"4ba5a8a7faa647ada8eae61a36517cf369f5bbe4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68248.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.17.0"},{"fixed":"6.17.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68248.json"}}],"schema_version":"1.7.5"}