Wind River Support Network

Acknowledged

LIN1023-14645 : Security Advisory - linux - CVE-2025-38681

Created: Sep 4, 2025    Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables. When leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful.

But when intermediate levels of kernel page table are freed, the dump code will continue to use memory that has been freed and potentially reallocated for another purpose. In such cases, the ptdump code may dereference bogus addresses, leading to a number of potential problems.

To avoid the above mentioned race condition, platforms such as arm64, riscv and s390 take memory hotplug lock, while dumping kernel page table via the sysfs interface /sys/kernel/debug/kernel_page_tables.

Similar race condition exists while checking for pages that might have been marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages which in turn calls ptdump_check_wx(). Instead of solving this race condition again, let's just move the memory hotplug lock inside generic ptdump_check_wx() which will benefit both the scenarios.

Drop get_online_mems() and put_online_mems() combination from all existing platform ptdump code paths.
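A triage check for the condition described above, as an added example that is not part of the advisory or of the kernel patch: it reads a kernel config and reports whether both sides of the race (the ptdump debugfs interface and memory hot remove) are built in. The Kconfig symbol names, the verdict strings and the sample config are assumptions of this example and do not come from the advisory.

```shell
#!/bin/sh
# Added triage helper; not Wind River or upstream kernel code.
# Assumption (not stated in the advisory): these Kconfig symbols gate the
# two sides of the race described above.
#   CONFIG_PTDUMP_DEBUGFS   - creates /sys/kernel/debug/kernel_page_tables
#   CONFIG_MEMORY_HOTREMOVE - lets hot remove tear down kernel page tables

# kconfig_has TEXT SYMBOL: succeed if SYMBOL is built in (=y) in TEXT.
kconfig_has() {
    printf '%s\n' "$1" | grep -Eq "^$2=y\$"
}

# ptdump_race_exposure: read a kernel config on stdin, print one verdict.
ptdump_race_exposure() {
    cfg=$(cat)
    if [ -z "$cfg" ]; then
        echo unknown                # no config text to judge from
    elif ! kconfig_has "$cfg" CONFIG_PTDUMP_DEBUGFS; then
        echo no-ptdump-debugfs      # dump interface is not built
    elif ! kconfig_has "$cfg" CONFIG_MEMORY_HOTREMOVE; then
        echo no-hot-remove          # hot remove path is not built
    else
        echo both-present           # preconditions exist; patch level decides
    fi
}

# Constructed sample config fragment (not taken from a real system).
SAMPLE_CONFIG='CONFIG_MEMORY_HOTPLUG=y
CONFIG_MEMORY_HOTREMOVE=y
CONFIG_PTDUMP_CORE=y
CONFIG_PTDUMP_DEBUGFS=y'

echo "sample: $(printf '%s\n' "$SAMPLE_CONFIG" | ptdump_race_exposure)"

# On a target, feed the running kernel's config instead, for example
# (if the distribution installs it at this path):
#   ptdump_race_exposure < "/boot/config-$(uname -r)"
```

A `both-present` verdict only means the preconditions are compiled in; whether the kernel carries the fix still has to be checked against the vendor's fixed version.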

CREATE(Triage):(User=admin) CVE-2025-38681 (https://nvd.nist.gov/vuln/detail/CVE-2025-38681)