CVE-2025-68179
Description
In the Linux kernel, the following vulnerability has been resolved:
s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP
As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashes. The problem is that kernel page tables are modified without flushing corresponding TLB entries.
Even if it looks like the empty flush_tlb_all() implementation on s390 is the problem, it is actually a different problem: on s390 it is not allowed to replace an active/valid page table entry with another valid page table entry without the detour over an invalid entry. A direct replacement may lead to random crashes and/or data corruption.
In order to invalidate an entry special instructions have to be used (e.g. ipte or idte). Alternatively there are also special instructions available which allow to replace a valid entry with a different valid entry (e.g. crdte or cspg).
Given that the HVO code currently does not provide the hooks to allow for an implementation which is compliant with the s390 architecture requirements, disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP again, which is basically a revert of the original patch which enabled it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HugeTLB Vmemmap Optimization (HVO) on s390 causes crashes because it replaces valid page table entries without using architecture-specific instructions.
Description
CVE-2025-68179 addresses a critical flaw in the Linux kernel's handling of HugeTLB Vmemmap Optimization (HVO) on the s390 architecture. The vulnerability arises from the fact that the kernel's page table manipulation code for HVO directly replaces active/valid page table entries with other valid entries, which violates s390 architectural requirements. According to the official description, on s390 such a valid entry must be replaced via an invalid intermediate state using dedicated instructions like ipte or idte, or special replace instructions such as crdte or cspg. The generic HVO code does not provide the necessary hooks to implement these s390-specific operations, leading to random system crashes and potential data corruption [1].
Exploitation
Exploitation does not require any special privileges or network access; it is triggered by normal use of huge pages with HVO enabled on any s390 system. An attacker with local access could potentially trigger the race condition by causing page table updates during memory management operations, but the primary risk is accidental corruption during standard kernel operation.
Impact
The impact is severe, as the flaw leads to system instability (crashes) and possible data corruption. No code execution or privilege escalation is reported, but the availability and integrity of the system are compromised.
Mitigation
The fix, already merged into the stable kernel tree, disables ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP on s390, effectively reverting the enabling patch. Users are advised to apply kernel updates to avoid the issue. No workaround exists other than disabling HVO if possible.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.