CVE-2025-39845 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 19
Latest updateApr 9
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure
page tables are properly synchronized when calling p*d_populate_kernel().
For 5-level paging, synchronization is performed via
pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so
synchronization is instead performed at the P4D level via
p4d_populate_kernel()…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux8d400913c231bd1da74067255816453f96cd35b0 — 744ff519c72de31344a627eaf9b24e9595aae554+6
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-3r4w-f43v-9fpg: In the Linux kernel, the following vulnerability has been resolved:
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Defi↗2025-09-22
OSV▶
CVE-2025-39845: In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define↗2025-09-19