Detections
Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-71134

high Nessus Plugin ID 284703

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to match the one of the page being freed. However, only the first pageblock of the buddy page is updated, while the rest of the pageblocks are left unchanged. That causes warnings in later expand() and other code paths (like below), since an inconsistency between migration type of the list containing the page and the page-owned pageblocks migration types is introduced. [ 308.986589] ------------[ cut here ]------------ [ 308.987227] page type is 0, passed migratetype is 1 (nr=256) [ 308.987275] WARNING: CPU: 1 PID: 5224 at mm/page_alloc.c:812 expand+0x23c/0x270 [ 308.987293] Modules linked in: algif_hash(E) af_alg(E) nft_fib_inet(E) nft_fib_ipv4(E) nft_fib_ipv6(E) nft_fib(E) nft_reject_inet(E) nf_reject_ipv4(E) nf_reject_ipv6(E) nft_reject(E) nft_ct(E) nft_chain_nat(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) nf_tables(E) s390_trng(E) vfio_ccw(E) mdev(E) vfio_iommu_type1(E) vfio(E) sch_fq_codel(E) drm(E) i2c_core(E) drm_panel_orientation_quirks(E) loop(E) nfnetlink(E) vsock_loopback(E) vmw_vsock_virtio_transport_common(E) vsock(E) ctcm(E) fsm(E) diag288_wdt(E) watchdog(E) zfcp(E) scsi_transport_fc(E) ghash_s390(E) prng(E) aes_s390(E) des_generic(E) des_s390(E) libdes(E) sha3_512_s390(E) sha3_256_s390(E) sha_common(E) paes_s390(E) crypto_engine(E) pkey_cca(E) pkey_ep11(E) zcrypt(E) rng_core(E) pkey_pckmo(E) pkey(E) autofs4(E) [ 308.987439] Unloaded tainted modules:
 hmac_s390(E):2 [ 308.987650] CPU: 1 UID: 0 PID: 5224 Comm: mempig_verify Kdump: loaded Tainted: G E 6.18.0-gcc-bpf-debug #431 PREEMPT [ 308.987657] Tainted: [E]=UNSIGNED_MODULE [ 308.987661] Hardware name:
 IBM 3906 M04 704 (z/VM 7.3.0) [ 308.987666] Krnl PSW : 0404f00180000000 00000349976fa600 (expand+0x240/0x270) [ 308.987676] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 [ 308.987682] Krnl GPRS: 0000034980000004 0000000000000005 0000000000000030 000003499a0e6d88 [ 308.987688] 0000000000000005 0000034980000005 000002be803ac000 0000023efe6c8300 [ 308.987692] 0000000000000008 0000034998d57290 000002be00000100 0000023e00000008 [ 308.987696] 0000000000000000 0000000000000000 00000349976fa5fc 000002c99b1eb6f0 [ 308.987708] Krnl Code: 00000349976fa5f0: c020008a02f2 larl %r2,000003499883abd4 00000349976fa5f6: c0e5ffe3f4b5 brasl %r14,0000034997378f60 #00000349976fa5fc:
 af000000 mc 0,0 >00000349976fa600: a7f4ff4c brc 15,00000349976fa498 00000349976fa604: b9040026 lgr %r2,%r6 00000349976fa608: c0300088317f larl %r3,0000034998800906 00000349976fa60e: c0e5fffdb6e1 brasl %r14,00000349976b13d0 00000349976fa614: af000000 mc 0,0 [ 308.987734] Call Trace: [ 308.987738] [<00000349976fa600>] expand+0x240/0x270 [ 308.987744] ([<00000349976fa5fc>] expand+0x23c/0x270) [ 308.987749] [<00000349976ff95e>] rmqueue_bulk+0x71e/0x940 [ 308.987754] [<00000349976ffd7e>]
 __rmqueue_pcplist+0x1fe/0x2a0 [ 308.987759] [<0000034997700966>] rmqueue.isra.0+0xb46/0xf40 [ 308.987763] [<0000034997703ec8>] get_page_from_freelist+0x198/0x8d0 [ 308.987768] [<0000034997706fa8>]
 __alloc_frozen_pages_noprof+0x198/0x400 [ 308.987774] [<00000349977536f8>] alloc_pages_mpol+0xb8/0x220 [ 308.987781] [<0000034997753bf6>] folio_alloc_mpol_noprof+0x26/0xc0 [ 308.987786] [<0000034997753e4c>] vma_alloc_folio_noprof+0x6c/0xa0 [ 308.987791] [<0000034997775b22>] vma_alloc_anon_folio_pmd+0x42/0x240 [ 308.987799] [<000003499777bfea>] __do_huge_pmd_anonymous_page+0x3a/0x210 [ 308.987804] [<00000349976cb0
 ---truncated--- (CVE-2025-71134)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://access.redhat.com/security/cve/cve-2025-71134

https://security-tracker.debian.org/tracker/CVE-2025-71134

Plugin Details

Severity: High

ID: 284703

File Name: unpatched_CVE_2025_71134.nasl

Version: 1.1

Type: local

Agent: unix

Family: Misc.

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C

CVSS Score Source: CVE-2025-71134

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, cpe:/o:redhat:enterprise_linux:10, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:debian:debian_linux:linux, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, cpe:/o:debian:debian_linux:14.0, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, cpe:/o:debian:debian_linux:13.0, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/14/2026

Reference Information

CVE: CVE-2025-71134