CVE-2025-37818: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37818 is a vulnerability discovered in the Linux kernel's LoongArch architecture, specifically in the hugepteoffset() function. The vulnerability was disclosed on May 8, 2025, affecting various Linux distributions and their kernel implementations (NVD).

The vulnerability stems from the hugepteoffset() function incorrectly returning a pointer to a PMD slot even when the underlying entry points to invalidptetable, indicating no mapping exists. When callers like smapshugetlbrange() fetch this invalid entry value through the pointer, the generic isswappte() check incorrectly identifies this address as a swap entry on LoongArch because it satisfies the '!ptepresent() && !ptenone()' conditions. This misinterpretation, combined with a coincidental match by ismigrationentry() on the address bits, leads to kernel crashes in pfnswapentrytopage() (Wiz).

The vulnerability can result in kernel crashes when the system attempts to process certain memory operations involving huge pages on LoongArch systems, potentially leading to system instability and denial of service conditions (Wiz).

The issue has been resolved by modifying hugepteoffset() to check the PMD entry's content using pmdnone() before returning. If the entry is invalid (i.e., it points to invalidpte_table), the function now returns NULL instead of the pointer to the slot (NVD).