{"id":"CVE-2025-39836","summary":"efi: stmm: Fix incorrect buffer allocation method","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nefi: stmm: Fix incorrect buffer allocation method\n\nThe communication buffer allocated by setup_mm_hdr() is later on passed\nto tee_shm_register_kernel_buf(). The latter expects those buffers to be\ncontiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause\nvarious corruptions or BUGs, specifically since commit 9aec2fb0fd5e\n(\"slab: allocate frozen pages\"), though it was broken before as well.\n\nFix this by using alloc_pages_exact() instead of kmalloc().","modified":"2026-03-20T12:43:04.308695Z","published":"2025-09-16T13:08:52.326Z","related":["SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2026:0447-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0587-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39836.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/630c0e6064daf84f17aad1a7d9ca76b562e3fe47"},{"type":"WEB","url":"https://git.kernel.org/stable/c/77ff27ff0e4529a003c8a1c2492c111968c378d3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c5e81e672699e0c5557b2b755cc8f7a69aa92bff"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39836.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39836"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c44b6be62e8dd4ee0a308c36a70620613e6fc55f"},{"fixed":"77ff27ff0e4529a003c8a1c2492c111968c378d3"},{"fixed":"630c0e6064daf84f17aad1a7d9ca76b562e3fe47"},{"fixed":"c5e81e672699e0c5557b2b755cc8f7a69aa92bff"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39836.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}