{"id":63395,"date":"2025-05-20T21:32:21","date_gmt":"2025-05-20T18:02:21","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-37960-linux-kernel-memblock-accept-memory-vulnerability\/"},"modified":"2025-05-20T21:32:21","modified_gmt":"2025-05-20T18:02:21","slug":"cve-2025-37960-linux-kernel-memblock-accept-memory-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-37960-linux-kernel-memblock-accept-memory-vulnerability\/","title":{"rendered":"CVE-2025-37960 &#8211; Linux Kernel Memblock Accept Memory Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-37960<br \/>\n<br \/>\n<strong>Published : <\/strong> May 20, 2025, 4:15 p.m. | 54\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>In the Linux kernel, the following vulnerability has been resolved:<\/p>\n<p>memblock: Accept allocated memory before use in memblock_double_array()<\/p>\n<p>When increasing the array size in memblock_double_array() and the slab<br \/>\nis not yet available, a call to memblock_find_in_range() is used to<br \/>\nreserve\/allocate memory. 
However, the range returned may not have been<br \/>\naccepted, which can result in a crash when booting an SNP guest:<\/p>\n<p>  RIP: 0010:memcpy_orig+0x68\/0x130<br \/>\n  Code: &#8230;<br \/>\n  RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006<br \/>\n  RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000<br \/>\n  RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00<br \/>\n  RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000<br \/>\n  R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78<br \/>\n  R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00<br \/>\n  memblock_double_array+0xff\/0x310<br \/>\n  memblock_add_range+0x1fb\/0x2f0<br \/>\n  memblock_reserve+0x4f\/0xa0<br \/>\n  memblock_alloc_range_nid+0xac\/0x130<br \/>\n  memblock_alloc_internal+0x53\/0xc0<br \/>\n  memblock_alloc_try_nid+0x3d\/0xa0<br \/>\n  swiotlb_init_remap+0x149\/0x2f0<br \/>\n  mem_init+0xb\/0xb0<br \/>\n  mm_core_init+0x8f\/0x350<br \/>\n  start_kernel+0x17e\/0x5d0<br \/>\n  x86_64_start_reservations+0x14\/0x30<br \/>\n  x86_64_start_kernel+0x92\/0xa0<br \/>\n  secondary_startup_64_no_verify+0x194\/0x19b<\/p>\n<p>Mitigate this by calling accept_memory() on the memory range returned<br \/>\nbefore the slab is available.<\/p>\n<p>Prior to v6.12, the accept_memory() interface used a &#8216;start&#8217; and &#8216;end&#8217;<br \/>\nparameter instead of &#8216;start&#8217; and &#8216;size&#8217;, therefore the accept_memory()<br \/>\ncall must be adjusted to specify &#8216;start + size&#8217; for &#8216;end&#8217; when applying<br \/>\nto kernels prior to v6.12.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-37960 Published : May 20, 2025, 4:15 p.m. 
| 54\u00a0minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array() and the slab is not yet available, a call to memblock_find_in_range() is used to &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-63395","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/63395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=63395"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/63395\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=63395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=63395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=63395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}