[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-39992":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":33},"DEBIAN-CVE-2025-39992","In the Linux kernel, the following vulnerability has been resolved:  mm: swap: check for stable address space before operating on the VMA  It is possible to hit a zero entry while traversing the vmas in unuse_mm() called from swapoff path and accessing it causes the OOPS:  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000446--> Loading the memory from offset 0x40 on the XA_ZERO_ENTRY as address. Mem abort info:   ESR = 0x0000000096000005   EC = 0x25: DABT (current EL), IL = 32 bits   SET = 0, FnV = 0   EA = 0, S1PTW = 0   FSC = 0x05: level 1 translation fault  The issue is manifested from the below race between the fork() on a process and swapoff: fork(dup_mmap())\t\t\tswapoff(unuse_mm) ---------------                         ----------------- 1) Identical mtree is built using    __mt_dup().  2) copy_pte_range()--> \tcopy_nonpresent_pte():        The dst mm is added into the     mmlist to be visible to the     swapoff operation.  3) Fatal signal is sent to the parent process(which is the current during the fork) thus skip the duplication of the vmas and mark the vma range with XA_ZERO_ENTRY as a marker for this process that helps during exit_mmap().  \t\t\t\t     4) swapoff is tried on the \t\t\t\t\t'mm' added to the 'mmlist' as \t\t\t\t\tpart of the 2.  \t\t\t\t     5) unuse_mm(), that iterates \t\t\t\t\tthrough the vma's of this 'mm' \t\t\t\t\twill hit the non-NULL zero entry \t\t\t\t\tand operating on this zero entry \t\t\t\t\tas a vma is resulting into the \t\t\t\t\toops.  The proper fix would be around not exposing this partially-valid tree to others when droping the mmap lock, which is being solved with [1].  A simpler solution would be checking for MMF_UNSTABLE, as it is set if mm_struct is not fully initialized in dup_mmap().  Thanks to Liam/Lorenzo/David for all the suggestions in fixing this issue.",null,[],[],[],[14],{"_key":15},"CVE-2025-39992",[],[],[],"2025-10-15T08:15:37.317Z","2026-04-28T20:30:24.631947Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2025-39992",[27],"osv_debian",[29],"Advisory",[],[],[],[34],{"ecosystem":35,"name":36,"vendor":37,"product":36,"cpe_part":9,"purl_type":38,"purl_namespace":37,"purl_name":36,"source":9,"versions":39},"Debian","linux","debian","deb",[40,46],{"version":41,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":44,"version_end_type":45,"fixed_in":9},"lt6_12_57_1",true,"ecosystem","6.12.57-1","excluding",{"version":47,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":48,"version_end_type":45,"fixed_in":9},"lt6_16_11_1","6.16.11-1"]