CVE-2025-39844: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39844 is a vulnerability discovered in the Linux kernel related to page table synchronization. The issue was disclosed on September 19, 2025, affecting systems that use 4-level paging and have large amounts of persistent memory. The vulnerability stems from improper handling of page table synchronization when the vmemmap region spans multiple PGD entries (NVD).

The vulnerability occurs during the initialization of vmemmap (struct page array) when the vmemmap region spans two PGD entries. The core issue is that new PGD entries are only installed in initmm.pgd but not in the page tables of other tasks. The problem specifically manifests in the optimized path when vmemmapcanoptimize() returns true, causing the vmemmappopulatecompoundpages() function to skip synchronization of top-level page tables. This is because the function is implemented in core MM code, which doesn't handle top-level page table synchronization (NVD).

When exploited, this vulnerability can lead to kernel panics during boot, particularly on systems using 4-level paging with large amounts of persistent memory. The issue manifests as a page fault error with the message 'BUG: unable to handle page fault' and can cause system instability (NVD).

The vulnerability has been fixed in Linux kernel version 6.12.48-1 for the Debian stable distribution (trixie). The solution involves introducing pgdpopulatekernel() for updating kernel portion of the page tables and allowing each architecture to explicitly perform synchronization when installing top-level entries (Debian Security).