{"id":"AZL-70274","summary":"CVE-2025-38029 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g.  if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -\u003e preempt_enable() and\narch_leave_lazy_mmu_mode() -\u003e preempt_disable(), such crash occurs:\n\n[    0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[    0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[    0.663358] preempt_count: 1, expected: 0\n[    0.663366] RCU nest depth: 0, expected: 0\n[    0.663375] no locks held by kthreadd/2.\n[    0.663383] Preemption disabled at:\n[    0.663386] [\u003c0002f3284cbb4eda\u003e] apply_to_pte_range+0xfa/0x4a0\n[    0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[    0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[    0.663409] Call Trace:\n[    0.663410]  [\u003c0002f3284c385f58\u003e] dump_stack_lvl+0xe8/0x140\n[    0.663413]  [\u003c0002f3284c507b9e\u003e] __might_resched+0x66e/0x700\n[    0.663415]  [\u003c0002f3284cc4f6c0\u003e] __alloc_frozen_pages_noprof+0x370/0x4b0\n[    0.663419]  [\u003c0002f3284ccc73c0\u003e] alloc_pages_mpol+0x1a0/0x4a0\n[    0.663421]  [\u003c0002f3284ccc8518\u003e] alloc_frozen_pages_noprof+0x88/0xc0\n[    0.663424]  [\u003c0002f3284ccc8572\u003e] alloc_pages_noprof+0x22/0x120\n[    0.663427]  [\u003c0002f3284cc341ac\u003e] get_free_pages_noprof+0x2c/0xc0\n[    0.663429]  [\u003c0002f3284cceba70\u003e] kasan_populate_vmalloc_pte+0x50/0x120\n[    0.663433]  [\u003c0002f3284cbb4ef8\u003e] apply_to_pte_range+0x118/0x4a0\n[    0.663435]  [\u003c0002f3284cbc7c14\u003e] apply_to_pmd_range+0x194/0x3e0\n[    0.663437]  [\u003c0002f3284cbc99be\u003e] __apply_to_page_range+0x2fe/0x7a0\n[    0.663440]  [\u003c0002f3284cbc9e88\u003e] apply_to_page_range+0x28/0x40\n[    0.663442]  [\u003c0002f3284ccebf12\u003e] kasan_populate_vmalloc+0x82/0xa0\n[    0.663445]  [\u003c0002f3284cc1578c\u003e] alloc_vmap_area+0x34c/0xc10\n[    0.663448]  [\u003c0002f3284cc1c2a6\u003e] __get_vm_area_node+0x186/0x2a0\n[    0.663451]  [\u003c0002f3284cc1e696\u003e] __vmalloc_node_range_noprof+0x116/0x310\n[    0.663454]  [\u003c0002f3284cc1d950\u003e] __vmalloc_node_noprof+0xd0/0x110\n[    0.663457]  [\u003c0002f3284c454b88\u003e] alloc_thread_stack_node+0xf8/0x330\n[    0.663460]  [\u003c0002f3284c458d56\u003e] dup_task_struct+0x66/0x4d0\n[    0.663463]  [\u003c0002f3284c45be90\u003e] copy_process+0x280/0x4b90\n[    0.663465]  [\u003c0002f3284c460940\u003e] kernel_clone+0xd0/0x4b0\n[    0.663467]  [\u003c0002f3284c46115e\u003e] kernel_thread+0xbe/0xe0\n[    0.663469]  [\u003c0002f3284c4e440e\u003e] kthreadd+0x50e/0x7f0\n[    0.663472]  [\u003c0002f3284c38c04a\u003e] __ret_from_fork+0x8a/0xf0\n[    0.663475]  [\u003c0002f3284ed57ff2\u003e] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange.","modified":"2026-04-01T05:21:43.693220Z","published":"2025-06-18T10:15:34Z","upstream":["CVE-2025-38029"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38029"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70274.json"}}],"schema_version":"1.7.5"}