CVE-2025-38085

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

huge_pmd_unshare() drops a reference on a page table that may have
previously been shared across processes, potentially turning it into a
normal page table used in another process in which unrelated VMAs can
afterwards be installed.

If this happens in the middle of a concurrent gup_fast(), gup_fast() could
end up walking the page tables of another process.  While I don't see any
way in which that immediately leads to kernel memory corruption, it is
really weird and unexpected.

Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),
just like we do in khugepaged when removing page tables for a THP
collapse.

Data is provided through the CVE Program by a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Less than | Status |
| --- | --- | --- |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | 952596b08c74e8fe9e2883d1dc8a8f54a37384ec | affected |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | a3d864c901a300c295692d129159fc3001a56185 | affected |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | b7754d3aa7bf9f62218d096c0c8f6c13698fac8b | affected |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | fe684290418ef9ef76630072086ee530b92f02b8 | affected |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | 034a52b5ef57c9c8225d94e9067f3390bb33922f | affected |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | a6bfeb97941a9187833b526bc6cc4ff5706d0ce9 | affected |
| 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa | 1013af4f585fccc4d3e5c5824d174de2257f7d6d | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Range bound | Status |
| --- | --- | --- |
| 2.6.20 | | affected |
| 0 | < 2.6.20 | unaffected |
| 5.10.239 | <= 5.10.* | unaffected |
| 5.15.186 | <= 5.15.* | unaffected |
| 6.1.142 | <= 6.1.* | unaffected |
| 6.6.95 | <= 6.6.* | unaffected |
| 6.12.35 | <= 6.12.* | unaffected |
| 6.15.4 | <= 6.15.* | unaffected |
| 6.16 | <= * | unaffected |

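
The release-number ranges listed above can be applied mechanically to a kernel version string when triaging hosts. The following Python sketch is an added example, not part of the CVE record; its function names are hypothetical and the sample release strings are constructed. It assumes upstream kernel.org version numbering, so a distribution kernel that backports the fix without changing its base version will be reported as affected and needs the vendor's advisory instead.

```python
import re

# First fixed stable release per branch, taken from the version table above.
FIXED = {(5, 10): 239, (5, 15): 186, (6, 1): 142,
         (6, 6): 95, (6, 12): 35, (6, 15): 4}
INTRODUCED = (2, 6, 20)   # first affected release per the record
MAINLINE_FIX = (6, 16)    # 6.16 and every later release line is unaffected


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(release):
    """Apply the record's ranges to an upstream kernel version."""
    v = parse_release(release)
    if v < INTRODUCED:
        return False          # predates the affected code
    if v[:2] >= MAINLINE_FIX:
        return False          # mainline fix and everything after it
    fixed_patch = FIXED.get(v[:2])
    if fixed_patch is not None:
        return v[2] < fixed_patch   # branch with a listed fixed release
    return True               # branch with no fixed release in the record


if __name__ == "__main__":
    # Constructed sample inventory of `uname -r` outputs.
    for rel in ["2.6.19", "5.4.290", "5.10.238", "5.10.239",
                "6.6.95-custom", "6.13.2", "6.15.3", "6.16.0"]:
        state = "AFFECTED" if is_affected(rel) else "unaffected"
        print(f"{rel:<16} {state}")
```
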
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics

| Type | Source | Score | Percentile |
| --- | --- | --- | --- |
| EPSS | FIRST.org | 0.04% | 0.096 |

CVSS metrics

Source | Base Score | Exploit Score | Impact Score | Vector string