Linux Kernel arm64: Propagate error from __change_memory_common
CVE-2025-68737 Published on December 24, 2025
arm64/pageattr: Propagate return value from __change_memory_common
In the Linux kernel, the following vulnerability has been resolved:
arm64/pageattr: Propagate return value from __change_memory_common
The rodata=on security measure requires that any code path which does
vmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias
too. Therefore, if such a call fails, we must abort set_memory_* and caller
must take appropriate action; currently we are suppressing the error, and
there is a real chance of such an error arising post commit a166563e7ec3
("arm64: mm: support large block mapping when rodata=full"). Therefore,
propagate any error to the caller.
Products Associated with CVE-2025-68737
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Linux Kernel. Just hit a watch button to start following.
Affected Versions
Linux:- Version a166563e7ec375b38a0fd3a58f7b77e50a6bc6a8 and below 3e2fc1e57a5361633a4bf4222640c6bfe41ff8ea is affected.
- Version a166563e7ec375b38a0fd3a58f7b77e50a6bc6a8 and below e5efd56fa157d2e7d789949d1d64eccbac18a897 is affected.
- Version 6.18 is affected.
- Before 6.18 is unaffected.
- Version 6.18.2, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.