ГлавнаяУязвимости → CVE-2025-39836
7.8высокая

CVE-2025-39836

Описание

In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setup_mm_hdr() is later on passed to tee_shm_register_kernel_buf(). The latter expects those buffers to be contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause various corruptions or BUGs, specifically since commit 9aec2fb0fd5e ("slab: allocate frozen pages"), though it was broken before as well. Fix this by using alloc_pages_exact() instead of kmalloc().

Затрагиваемое ПО
Linux Linux kernel
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://git.kernel.org/stable/c/630c0e6064daf84f17aad1a7d9ca76b562e3fe47https://git.kernel.org/stable/c/77ff27ff0e4529a003c8a1c2492c111968c378d3https://git.kernel.org/stable/c/c5e81e672699e0c5557b2b755cc8f7a69aa92bff