CVE-2025-40353

Published: Dec 16, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordingly. However, following commit 060913999d7a ("mm: migrate: support poisoned recover from migrate folio"), folio_mc_copy() is called before __folio_migrate_mapping(). If the latter fails (-EAGAIN), the copy will be done again to the same destination page. Since copy_highpage() already set the PG_mte_tagged flag, this second copy will warn. Replace the WARN_ON_ONCE(page already tagged) in the arm64 copy_highpage() with a comment.

Vendor	Product	Versions
Linux	Linux	affected `060913999d7a9e50c283fdb15253fc27974ddadc - < 5ff5765a1fc526f07d3bbaedb061d970eb13bcf4` affected `060913999d7a9e50c283fdb15253fc27974ddadc - < 0bbf3fc6e9211fce9889fe8efbb89c220504d617` affected `060913999d7a9e50c283fdb15253fc27974ddadc - < b98c94eed4a975e0c80b7e90a649a46967376f58`
Linux	Linux	affected `6.11` unaffected `0 - < 6.11` unaffected `6.12.56 - <= 6.12.` unaffected `6.17.6 - <= 6.17.` unaffected `6.18 - <= *`

References

https://git.kernel.org/stable/c/5ff5765a1fc526f07d3bbaedb061d970eb13bcf4

https://git.kernel.org/stable/c/0bbf3fc6e9211fce9889fe8efbb89c220504d617

https://git.kernel.org/stable/c/b98c94eed4a975e0c80b7e90a649a46967376f58

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40353

Description

Affected Products

References