-
CVE-2025-38102
- EPSS 0.04%
- Veröffentlicht 03.07.2025 08:35:12
- Zuletzt bearbeitet 17.07.2025 17:15:36
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked in: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Call Trace: <TASK> follow_huge_pmd+0x240/0x8e0 follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0 follow_pud_mask.constprop.0.isra.0+0x14a/0x170 follow_page_mask+0x1c2/0x1f0 __get_user_pages+0x176/0x950 __gup_longterm_locked+0x15b/0x1060 ? gup_fast+0x120/0x1f0 gup_fast_fallback+0x17e/0x230 get_user_pages_fast+0x5f/0x80 vmci_host_unlocked_ioctl+0x21c/0xf80 RIP: 0033:0x54d2cd ---[ end trace 0000000000000000 ]--- Digging into the source, context->notify_page may init by get_user_pages_fast and can be seen in vmci_ctx_unset_notify which will try to put_page. However get_user_pages_fast is not finished here and lead to following try_grab_folio warning. The race condition is shown as follow: cpu0 cpu1 vmci_host_do_set_notify vmci_host_setup_notify get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); lockless_pages_from_mm gup_pgd_range gup_huge_pmd // update &context->notify_page vmci_host_do_set_notify vmci_ctx_unset_notify notify_page = context->notify_page; if (notify_page) put_page(notify_page); // page is freed __gup_longterm_locked __get_user_pages follow_trans_huge_pmd try_grab_folio // warn here To slove this, use local variable page to make notify_page can be seen after finish get_user_pages_fast.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
74095bbbb19ca74a0368d857603a2438c88ca86c
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
468aec888f838ce5174b96e0cb4396790d6f60ca
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
b4209e4b778e4e57d0636e1c9fc07a924dbc6043
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
58a90db70aa6616411e5f69d1982d9b1dd97d774
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
6e3af836805ed1d7a699f76ec798626198917aa4
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
00ddc7dad55b7bbb78df80d6e174d0c4764dea0c
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
75b5313c80c39a26d27cbb602f968a05576c36f9
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
Version <
1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4
Version
a1d88436d53a75e950db15834b3d2f8c0c358fdc
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.0
Status
affected
Version <
4.0
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.296
Status
unaffected
Version <=
5.10.*
Version
5.10.240
Status
unaffected
Version <=
5.15.*
Version
5.15.186
Status
unaffected
Version <=
6.1.*
Version
6.1.142
Status
unaffected
Version <=
6.6.*
Version
6.6.94
Status
unaffected
Version <=
6.12.*
Version
6.12.34
Status
unaffected
Version <=
6.15.*
Version
6.15.3
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.097 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|