CVE-2025-40245

Description

In the Linux kernel, the following vulnerability has been resolved:nios2: ensure that memblock.current_limit is set when setting pfn limitsOn nios2, with CONFIG_FLATMEM set, the kernel relies onmemblock_get_current_limit() to determine the limits of mem_map, inparticular for max_low_pfn.Unfortunately, memblock.current_limit is only default initialized toMEMBLOCK_ALLOC_ANYWHERE at this point of the bootup, potentially leadingto situations where max_low_pfn can erroneously exceed the value ofmax_pfn and, thus, the valid range of available DRAM.This can in turn cause kernel-level paging failures, e.g.:[ 76.900000] Unable to handle kernel paging request at virtual address 20303000[ 76.900000] ea = c0080890, ra = c000462c, cause = 14[ 76.900000] Kernel panic - not syncing: Oops[ 76.900000] ---[ end Kernel panic - not syncing: Oops ]---This patch fixes this by pre-calculating memblock.current_limitbased on the upper limits of the available memory ranges viaadjust_lowmem_bounds, a simplified version of the equivalentimplementation within the arm architecture.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.036

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234