CVE-2025-38256

EPSS 0.03%
Published 09.07.2025 10:42:33
Last modified 10.07.2025 13:17:30
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rsrc: fix folio unpinning

syzbot complains about an unmapping failure:

[  108.070381][   T14] kernel BUG at mm/gup.c:71!
[  108.070502][   T14] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
[  108.123672][   T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025
[  108.127458][   T14] Workqueue: iou_exit io_ring_exit_work
[  108.174205][   T14] Call trace:
[  108.175649][   T14]  sanity_check_pinned_pages+0x7cc/0x7d0 (P)
[  108.178138][   T14]  unpin_user_page+0x80/0x10c
[  108.180189][   T14]  io_release_ubuf+0x84/0xf8
[  108.182196][   T14]  io_free_rsrc_node+0x250/0x57c
[  108.184345][   T14]  io_rsrc_data_free+0x148/0x298
[  108.186493][   T14]  io_sqe_buffers_unregister+0x84/0xa0
[  108.188991][   T14]  io_ring_ctx_free+0x48/0x480
[  108.191057][   T14]  io_ring_exit_work+0x764/0x7d8
[  108.193207][   T14]  process_one_work+0x7e8/0x155c
[  108.195431][   T14]  worker_thread+0x958/0xed8
[  108.197561][   T14]  kthread+0x5fc/0x75c
[  108.199362][   T14]  ret_from_fork+0x10/0x20

We can pin a tail page of a folio, but then io_uring will try to unpin
the head page of the folio. While it should be fine in terms of keeping
the page actually alive, mm folks say it's wrong and triggers a debug
warning. Use unpin_user_folio() instead of unpin_user_page*.

[axboe: adapt to current tree, massage commit message]

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 53fd75f25b223878b5fff14932e3a22f42b54f77

Version a8edbb424b1391b077407c75d8f5d2ede77aa70d

Status affected

Version < 11e7b7369e655e6131387b174218d7fa9557b3da

Version a8edbb424b1391b077407c75d8f5d2ede77aa70d

Status affected

Version < 5afb4bf9fc62d828647647ec31745083637132e4

Version a8edbb424b1391b077407c75d8f5d2ede77aa70d

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.12

Status affected

Version < 6.12

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.36

Status unaffected

Version <= 6.15.*

Version 6.15.5

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.052

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/53fd75f25b223878b5fff14932e3a22f42b54f77

https://git.kernel.org/stable/c/11e7b7369e655e6131387b174218d7fa9557b3da

https://git.kernel.org/stable/c/5afb4bf9fc62d828647647ec31745083637132e4

https://nvd.nist.gov/vuln/detail/CVE-2025-38256

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38256

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38256

EUVD