CVE-2025-37964: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's memory management subsystem was discovered and assigned CVE-2025-37964. The issue was published on May 20, 2025, affecting the x86/mm component specifically related to TLB (Translation Lookaside Buffer) flush operations (NVD).

The vulnerability stems from a bug in the shouldflushtlb() function where TLB flushes may be inadvertently skipped during memory management (mm) switching operations. Specifically, there exists a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm, but shouldflushtlb() incorrectly suppresses the flush between loadnewmmcr3() and writing to 'loadedmm' (NVD, Wiz).

The vulnerability could lead to improper TLB management, potentially resulting in memory access issues and system instability. When TLB flushes are incorrectly suppressed, it could cause the system to use outdated address translations, potentially leading to memory corruption or information disclosure (Wiz).

The fix involves checking for the LOADEDMMSWITCHING state in shouldflushtlb() to ensure that the CPU is properly targeted with an IPI. While this solution will cause more TLB flush IPIs, the window is relatively small and is not expected to cause any measurable performance impact. Additionally, a barrier has been added to ensure that 'loadedmm' and 'islazy' are observed in the correct order (Wiz). For Debian systems, this vulnerability has been fixed in version 6.1.140-1 (Debian Security).