CVE-2025-37922: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37922 is a vulnerability discovered in the Linux kernel related to memory management in the vmemmap system. The vulnerability was disclosed on May 20, 2025, affecting the Linux kernel's book3s64/radix component. The issue specifically involves the alignment of section vmemmap start addresses to PAGE_SIZE (NVD).

The vulnerability occurs when namespaces are created unaligned, causing the section vmemmap start address to also be unaligned. When this happens, an altmap page allocated from the current namespace might be used by the previous namespace. During free operations, since the altmap is shared between two namespaces, the previous namespace may incorrectly detect that the page doesn't belong to its altmap and assume it's a normal page. This leads to an attempt to free the normal page, resulting in a kernel crash. Additionally, if there is no altmap, a PMD-sized vmemmap page will be allocated from RAM regardless of the section start address alignment, which can trigger a VMBUGON when setting the PMD-sized page to page table (NVD).

The vulnerability can result in a kernel crash when the system attempts to free memory pages incorrectly. This manifests as a NULL pointer dereference and can lead to system instability. The issue can trigger kernel BUG reports and cause system crashes, potentially affecting system availability (NVD).

The issue has been addressed by aligning the section vmemmap start address to PAGESIZE. After alignment, the start address will not be part of the current namespace, and a normal page will be allocated for the vmemmap mapping of the current section. For the remaining sections, altmaps will be allocated. Additionally, a PMDSIZE vmemmap page will only be allocated if the section start address is PMD_SIZE-aligned; otherwise, it will fall back to a PAGE-sized vmemmap allocation (NVD).