
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel's memory management subsystem was discovered and assigned CVE-2025-39775. Disclosed on September 11, 2025, it affects mremap() when used with userfaultfd on Virtual Memory Areas (VMAs) (NVD, Red Hat).
The vulnerability occurs when userfaultfd is registered on a VMA that spans at least one PMD and mremap() is then performed on that VMA. This can trigger a WARN condition during recovery from a failed page table move caused by a page table allocation error. The code ultimately performs the correct operation, recursing and avoiding moving actual page tables, but it generates undesirable warning messages. The issue has been assigned a CVSS v3.1 base score of 7.0 with vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).
The vulnerability affects the memory management functionality in the Linux kernel. While the code eventually performs the correct operations, it generates warning messages that could potentially impact system stability or logging mechanisms (NVD).
The issue has been resolved in the Linux kernel by implementing a fix that checks for both VMAs and performs the check before the pmd_none() sanity check. A new helper has been added to perform and document the check for the PMD and PUD level (NVD).
Source: This report was generated using AI