CVE & CISA-KEV Catalog

CVE-2025-71134

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to match the one of the page being freed. However, only the first pageblock of the buddy page is updated, while the rest of the pageblocks are left unchanged. That causes warnings in later expand() and other code paths (like below), since an inconsistency between migration type of the list containing the page and the page-owned pageblocks migration types is introduced. [ 308.986589] ------------[ cut here ]------------ [ 308.987227] page type is 0, passed migratetype is 1 (nr=256) [ 308.987275] WARNING: CPU: 1 PID: 5224 at mm/page_alloc.c:812 expand+0x23c/0x270 [ 308.987293] Modules linked in: algif_hash(E) af_alg(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) nf_tables(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) drm(E) i2c_core(E) drm_panel_orientation_quirks(E) loop(E) nfnetlink(E) vsock_loopback(E) vmw_vsock_virtio_transport_common(E) vsock(E) ctcm(E) fsm(E) diag288_wdt(E) watchdog(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) aes_s390(E) des_generic(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha_common(E) paes_s390(E) crypto_engine(E) pkey_cca(E) pkey_ep11(E) zcrypt(E) rng_core(E) pkey_pckmo(E) pkey(E) autofs4(E) [ 308.987439] Unloaded tainted modules: hmac_s390(E):2 [ 308.987650] CPU: 1 UID: 0 PID: 5224 Comm: mempig_verify Kdump: loaded Tainted: G E 6.18.0-gcc-bpf-debug #431 PREEMPT [ 308.987657] Tainted: [E]=UNSIGNED_MODULE [ 308.987661] Hardware name: IBM 3906 M04 704 (z/VM 7.3.0) [ 308.987666] Krnl PSW : 0404f00180000000 00000349976fa600 (expand+0x240/0x270) [ 308.987676] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 [ 308.987682] Krnl GPRS: 0000034980000004 0000000000000005 0000000000000030 000003499a0e6d88 [ 308.987688] 0000000000000005 0000034980000005 000002be803ac000 0000023efe6c8300 [ 308.987692] 0000000000000008 0000034998d57290 000002be00000100 0000023e00000008 [ 308.987696] 0000000000000000 0000000000000000 00000349976fa5fc 000002c99b1eb6f0 [ 308.987708] Krnl Code: 00000349976fa5f0: c020008a02f2 larl %r2,000003499883abd4 00000349976fa5f6: c0e5ffe3f4b5 brasl %r14,0000034997378f60 #00000349976fa5fc: af000000 mc 0,0 >00000349976fa600: a7f4ff4c brc 15,00000349976fa498 00000349976fa604: b9040026 lgr %r2,%r6 00000349976fa608: c0300088317f larl %r3,0000034998800906 00000349976fa60e: c0e5fffdb6e1 brasl %r14,00000349976b13d0 00000349976fa614: af000000 mc 0,0 [ 308.987734] Call Trace: [ 308.987738] [<00000349976fa600>] expand+0x240/0x270 [ 308.987744] ([<00000349976fa5fc>] expand+0x23c/0x270) [ 308.987749] [<00000349976ff95e>] rmqueue_bulk+0x71e/0x940 [ 308.987754] [<00000349976ffd7e>] __rmqueue_pcplist+0x1fe/0x2a0 [ 308.987759] [<0000034997700966>] rmqueue.isra.0+0xb46/0xf40 [ 308.987763] [<0000034997703ec8>] get_page_from_freelist+0x198/0x8d0 [ 308.987768] [<0000034997706fa8>] __alloc_frozen_pages_noprof+0x198/0x400 [ 308.987774] [<00000349977536f8>] alloc_pages_mpol+0xb8/0x220 [ 308.987781] [<0000034997753bf6>] folio_alloc_mpol_noprof+0x26/0xc0 [ 308.987786] [<0000034997753e4c>] vma_alloc_folio_noprof+0x6c/0xa0 [ 308.987791] [<0000034997775b22>] vma_alloc_anon_folio_pmd+0x42/0x240 [ 308.987799] [<000003499777bfea>] __do_huge_pmd_anonymous_page+0x3a/0x210 [ 308.987804] [<00000349976cb0 ---truncated---

How to fix

Remediation Available
linuxDebian
Fixed in:6.12.69-1CVE-2025-71134
Fixed in:6.18.5-1CVE-2025-71134
linuxUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-awsUbuntu
Fixed in:6.17.0-1015.15USN-8277-1
linux-aws-6.17Ubuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
linux-azureUbuntu
Fixed in:6.17.0-1015.15USN-8310-1
linux-azure-6.17Ubuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
linux-gcpUbuntu
Fixed in:6.17.0-1018.19USN-8374-1
linux-gcp-6.17Ubuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
linux-hwe-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-image-6.17.0-1013-realtimeUbuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-6.17.0-1014-oracleUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-6.17.0-1014-oracle-64kUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-6.17.0-1015-awsUbuntu
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-6.17.0-1015-aws-64kUbuntu
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-6.17.0-1015-azureUbuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
Fixed in:6.17.0-1015.15USN-8310-1
linux-image-6.17.0-1017-awsUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
linux-image-6.17.0-1017-aws-64kUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
linux-image-6.17.0-1017-raspiUbuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-image-6.17.0-1018-gcpUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-6.17.0-1018-gcp-64kUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-6.17.0-1023-oemUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-6.17.0-29-genericUbuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-6.17.0-29-generic-64kUbuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-awsUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-aws-6.17Ubuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-aws-64kUbuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-aws-64k-6.17Ubuntu
Fixed in:6.17.0-1017.17~24.04.1USN-8374-1
Fixed in:6.17.0-1015.15USN-8277-1
linux-image-azureUbuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
Fixed in:6.17.0-1015.15USN-8310-1
linux-image-azure-6.17Ubuntu
Fixed in:6.17.0-1015.15~24.04.1USN-8310-1
Fixed in:6.17.0-1015.15USN-8310-1
linux-image-gcpUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-gcp-6.17Ubuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-gcp-64kUbuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-gcp-64k-6.17Ubuntu
Fixed in:6.17.0-1018.19~24.04.1USN-8374-1
Fixed in:6.17.0-1018.19USN-8374-1
linux-image-genericUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-64kUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-64k-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-image-oem-24.04Ubuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04aUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04bUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04cUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-24.04dUbuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oem-6.17Ubuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-image-oracleUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-oracle-6.17Ubuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-oracle-64kUbuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-oracle-64k-6.17Ubuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
Fixed in:6.17.0-1014.14USN-8277-1
linux-image-raspiUbuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-image-raspi-6.17Ubuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-image-realtimeUbuntu
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-realtime-6.17Ubuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-realtime-hwe-24.04Ubuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-realtime-hwe-24.04-edgeUbuntu
Fixed in:6.17.0-1013.15USN-8277-1
linux-image-virtualUbuntu
Fixed in:6.17.0-29.29USN-8277-1
linux-image-virtual-6.17Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
Fixed in:6.17.0-29.29USN-8277-1
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.17.0-29.29~24.04.1USN-8277-1
linux-oem-6.17Ubuntu
Fixed in:6.17.0-1023.23USN-8277-1
linux-oracleUbuntu
Fixed in:6.17.0-1014.14USN-8277-1
linux-oracle-6.17Ubuntu
Fixed in:6.17.0-1014.14~24.04.1USN-8277-2
linux-raspiUbuntu
Fixed in:6.17.0-1017.17USN-8277-1
linux-realtimeUbuntu
Fixed in:6.17.0-1013.15USN-8277-1
linux-realtime-6.17Ubuntu
Fixed in:6.17.0-1013.15~24.04.1USN-8277-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.11%probability of exploitation in 30 days
2ndpercentile

Low risk: more likely to be exploited than 2% of all known CVEs.

References

Embed a live status badge for CVE-2025-71134
CVE-2025-71134 severity badge

Markdown

[![CVE-2025-71134](https://tridentstack.com/cve/badge/CVE-2025-71134.svg)](https://tridentstack.com/cve/CVE-2025-71134)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-71134"><img src="https://tridentstack.com/cve/badge/CVE-2025-71134.svg" alt="CVE-2025-71134"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-25.