{"id":"UBUNTU-CVE-2025-37818","details":"In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table (indicating no mapping). Callers like smaps_hugetlb_range() fetch this invalid entry value (the address of invalid_pte_table) via this pointer. The generic is_swap_pte() check then incorrectly identifies this address as a swap entry on LoongArch, because it satisfies the \"!pte_present() && !pte_none()\" conditions. This misinterpretation, combined with a coincidental match by is_migration_entry() on the address bits, leads to kernel crashes in pfn_swap_entry_to_page(). Fix this at the architecture level by modifying huge_pte_offset() to check the PMD entry's content using pmd_none() before returning. If the entry is invalid (i.e., it points to invalid_pte_table), return NULL instead of the pointer to the slot.","modified":"2026-02-06T21:53:28.493237Z","published":"2025-05-08T07:15:00Z","upstream":["CVE-2025-37818"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-37818"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-37818"},{"type":"REPORT","url":"https://git.kernel.org/linus/bd51834d1cf65a2c801295d230c220aeebf87a73"}],"affected":[{"package":{"name":"linux-gcp-6.14","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/linux-gcp-6.14@6.14.0-1011.11~24.04.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.14.0-1011.11~24.04.1"}]}],"versions":["6.14.0-1007.7~24.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-buildinfo-6.14.0-1011-gcp-64k","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-gcp-6.14-headers-6.14.0-1011","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-gcp-6.14-tools-6.14.0-1011","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-headers-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-headers-6.14.0-1011-gcp-64k","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-image-unsigned-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-image-unsigned-6.14.0-1011-gcp-64k","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-lib-rust-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-modules-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-modules-6.14.0-1011-gcp-64k","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-modules-extra-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-modules-extra-6.14.0-1011-gcp-64k","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-tools-6.14.0-1011-gcp","binary_version":"6.14.0-1011.11~24.04.1"},{"binary_name":"linux-tools-6.14.0-1011-gcp-64k","binary_version":"6.14.0-1011.11~24.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-37818.json"}},{"package":{"name":"linux-realtime-6.14","ecosystem":"Ubuntu:Pro:Realtime:24.04:LTS","purl":"pkg:deb/ubuntu/linux-realtime-6.14@6.14.0-1010.10~24.04.1?arch=source&distro=realtime/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.14.0-1010.10~24.04.1"}]}],"versions":["6.14.0-1003.3~24.04.3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"linux-buildinfo-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-cloud-tools-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-headers-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-image-unsigned-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-modules-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-modules-extra-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-modules-iwlwifi-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-realtime-6.14-cloud-tools-6.14.0-1010","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-realtime-6.14-headers-6.14.0-1010","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-realtime-6.14-tools-6.14.0-1010","binary_version":"6.14.0-1010.10~24.04.1"},{"binary_name":"linux-tools-6.14.0-1010-realtime","binary_version":"6.14.0-1010.10~24.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-37818.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}