CVE-2025-68179 | s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP

In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashes. The problem is that kernel page tables are modified without flushing corresponding TLB entries. Even if it looks like the empty flush_tlb_all() implementation on s390 is the problem, it is actually a different problem: on s390 it is not allowed to replace an active/valid page table entry with another valid page table entry without the detour over an invalid entry. A direct replacement may lead to random crashes and/or data corruption. In order to invalidate an entry special instructions have to be used (e.g. ipte or idte). Alternatively there are also special instructions available which allow to replace a valid entry with a different valid entry (e.g. crdte or cspg). Given that the HVO code currently does not provide the hooks to allow for an implementation which is compliant with the s390 architecture requirements, disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP again, which is basically a revert of the original patch which enabled it.

Published: 2025-12-16 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD Status:DeferredCVE State: published
View at NVD, CVE.org, EUVD

CVE-2025-68179 is rated Low Risk (3.7/100): low exploitation likelihood (EPSS 0.02%). Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-68179

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-12-17 0.02%

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-68179

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-68179

OS Trackers for CVE-2025-68179

vendor priority summary link
debian unimportant CVE-2025-68179 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2025-68179
redhat medium https://access.redhat.com/security/cve/CVE-2025-68179
suse medium CVE-2025-68179 severity moderate: SUSE including 62 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 238 product×package rows across 37 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Liberty Linux 9, … (37 product lines)): Known Not Affected 195, Fixed 43. https://www.suse.com/security/cve/CVE-2025-68179/
ubuntu medium CVE-2025-68179 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 178, released 126, not-affected 82, needed 7, pending 2. https://ubuntu.com/security/CVE-2025-68179

Affected software / configurations for CVE-2025-68179

Vendor Product Version Raw CPE
No affected products in dataset.

References for CVE-2025-68179

cvelogic Threat Intelligence