CVE-2025-39989: x86/mce: use is_copy_from_user() to determine copy-from-user context

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/mce: use is_copy_from_user() to determine copy-from-user context

Patch series "mm/hwpoison: Fix regressions in memory failure handling",
v4.

## 1. What am I trying to do:

This patchset resolves two critical regressions related to memory failure
handling that have appeared in the upstream kernel since version 5.17, as
compared to 5.10 LTS.

- copyin case: poison found in user page while kernel copying from user space
- instr case: poison found while instruction fetching in user space

## 2. What is the expected outcome and why

- For copyin case:

Kernel can recover from poison found where kernel is doing get_user() or
copy_from_user() if those places get an error return and the kernel return
-EFAULT to the process instead of crashing. More specifily, MCE handler
checks the fixup handler type to decide whether an in kernel #MC can be
recovered. When EX_TYPE_UACCESS is found, the PC jumps to recovery code
specified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space.

- For instr case:

If a poison found while instruction fetching in user space, full recovery
is possible. User process takes #PF, Linux allocates a new page and fills
by reading from storage.

## 3. What actually happens and why

- For copyin case: kernel panic since v5.17

Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new
extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the
exta...

Classification

CVE ID: CVE-2025-39989

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.92% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39989
https://git.kernel.org/stable/c/3e3d8169c0950a0b3cd5105f6403a78350dcac80
https://git.kernel.org/stable/c/449413da90a337f343cc5a73070cbd68e92e8a54
https://git.kernel.org/stable/c/0b8388e97ba6a8c033f9a8b5565af41af07f9345
https://git.kernel.org/stable/c/1a15bb8303b6b104e78028b6c68f76a0d4562134

Timeline