CVE-2025-38085

EPSS 0.03%
Veröffentlicht 28.06.2025 07:44:26
Zuletzt bearbeitet 18.12.2025 21:21:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

huge_pmd_unshare() drops a reference on a page table that may have
previously been shared across processes, potentially turning it into a
normal page table used in another process in which unrelated VMAs can
afterwards be installed.

If this happens in the middle of a concurrent gup_fast(), gup_fast() could
end up walking the page tables of another process.  While I don't see any
way in which that immediately leads to kernel memory corruption, it is
really weird and unexpected.

Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),
just like we do in khugepaged when removing page tables for a THP
collapse.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.20 < 5.10.239

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.186

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.142

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.95

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.35

Linux ≫ Linux Kernel Version >= 6.13 < 6.15.4

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.077

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec

Patch

https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185

Patch

https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b

Patch

https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8

Patch

https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f

Patch

https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9

Patch