Vulnerability Database

314,343

Total vulnerabilities in the database

CVE-2025-40353

In the Linux kernel, the following vulnerability has been resolved:

arm64: mte: Do not warn if the page is already tagged in copy_highpage()

The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordingly. However, following commit 060913999d7a ("mm: migrate: support poisoned recover from migrate folio"), folio_mc_copy() is called before __folio_migrate_mapping(). If the latter fails (-EAGAIN), the copy will be done again to the same destination page. Since copy_highpage() already set the PG_mte_tagged flag, this second copy will warn.

Replace the WARN_ON_ONCE(page already tagged) in the arm64 copy_highpage() with a comment.

Published: Dec 16, 2025
Updated: Dec 17, 2025
CVE: CVE-2025-40353
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo