CVE-2025-39727 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

mm: swap: fix potential buffer overflow in setup_clusters()

In setup_swap_map(), we only ensure badpages are in range (0, last_page].
As maxpages might be < last_page, setup_clusters() will encounter a buffer
overflow when a badpage is >= maxpages.

Only call inc_cluster_info_page() for badpage which is < maxpages to fix
the issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/152c1339dc13ad46f1b136e8693de15980750835
https://git.kernel.org/stable/c/815c528b13f2bb9b3130c13bedeabf2351a68129
https://git.kernel.org/stable/c/91b370800b3f2b3dda244c0ab06719c4971190a5
https://git.kernel.org/stable/c/9b01ada580ee84fb319e7ecb5fb5b1f54a9eb799

History

Sun, 07 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters() will encounter a buffer overflow when a badpage is >= maxpages. Only call inc_cluster_info_page() for badpage which is < maxpages to fix the issue.
Title		mm: swap: fix potential buffer overflow in setup_clusters()
References		https://git.kernel.org/stable/c/152c1339dc13ad46f1b136e8693de15980750835 https://git.kernel.org/stable/c/815c528b13f2bb9b3130c13bedeabf2351a68129 https://git.kernel.org/stable/c/91b370800b3f2b3dda244c0ab06719c4971190a5 https://git.kernel.org/stable/c/9b01ada580ee84fb319e7ecb5fb5b1f54a9eb799

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-07T15:16:17.986Z

Updated: 2025-09-07T15:16:17.986Z

Reserved: 2025-04-16T07:20:57.118Z

Link: CVE-2025-39727

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-07T16:15:46.023

Modified: 2025-09-07T16:15:46.023

Link: CVE-2025-39727

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39727", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.118Z", "datePublished": "2025-09-07T15:16:17.986Z", "dateUpdated": "2025-09-07T15:16:17.986Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-07T15:16:17.986Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix potential buffer overflow in setup_clusters()\n\nIn setup_swap_map(), we only ensure badpages are in range (0, last_page]. \nAs maxpages might be < last_page, setup_clusters() will encounter a buffer\noverflow when a badpage is >= maxpages.\n\nOnly call inc_cluster_info_page() for badpage which is < maxpages to fix\nthe issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/swapfile.c"], "versions": [{"version": "b843786b0bd01ced7fcdbf3b033d68db2f7c61b2", "lessThan": "91b370800b3f2b3dda244c0ab06719c4971190a5", "status": "affected", "versionType": "git"}, {"version": "b843786b0bd01ced7fcdbf3b033d68db2f7c61b2", "lessThan": "9b01ada580ee84fb319e7ecb5fb5b1f54a9eb799", "status": "affected", "versionType": "git"}, {"version": "b843786b0bd01ced7fcdbf3b033d68db2f7c61b2", "lessThan": "815c528b13f2bb9b3130c13bedeabf2351a68129", "status": "affected", "versionType": "git"}, {"version": "b843786b0bd01ced7fcdbf3b033d68db2f7c61b2", "lessThan": "152c1339dc13ad46f1b136e8693de15980750835", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/swapfile.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.42", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.10", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.1", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.42"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.15.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.16.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.17-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/91b370800b3f2b3dda244c0ab06719c4971190a5"}, {"url": "https://git.kernel.org/stable/c/9b01ada580ee84fb319e7ecb5fb5b1f54a9eb799"}, {"url": "https://git.kernel.org/stable/c/815c528b13f2bb9b3130c13bedeabf2351a68129"}, {"url": "https://git.kernel.org/stable/c/152c1339dc13ad46f1b136e8693de15980750835"}], "title": "mm: swap: fix potential buffer overflow in setup_clusters()", "x_generator": {"engine": "bippy-1.2.0"}}}}