CVE-2025-38383

EPSS 0.03%
Veröffentlicht 25.07.2025 13:15:27
Zuletzt bearbeitet 25.07.2025 15:29:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

mm/vmalloc: fix data race in show_numa_info()

The following data-race was found in show_numa_info():

==================================================================
BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show

read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:
 show_numa_info mm/vmalloc.c:4936 [inline]
 vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016
 seq_read_iter+0x373/0xb40 fs/seq_file.c:230
 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299
....

write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:
 show_numa_info mm/vmalloc.c:4934 [inline]
 vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016
 seq_read_iter+0x373/0xb40 fs/seq_file.c:230
 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299
....

value changed: 0x0000008f -> 0x00000000
==================================================================

According to this report,there is a read/write data-race because
m->private is accessible to multiple CPUs.  To fix this, instead of
allocating the heap in proc_vmalloc_init() and passing the heap address to
m->private, vmalloc_info_show() should allocate the heap.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ead91de35d9cd5c4f80ec51e6020f342079170af

Version 8e1d743f2c2671aa54f6f91a2b33823f92512870

Status affected

Version < 5c966f447a584ece3c70395898231aeb56256ee7

Version 8e1d743f2c2671aa54f6f91a2b33823f92512870

Status affected

Version < 5c5f0468d172ddec2e333d738d2a1f85402cf0bc

Version 8e1d743f2c2671aa54f6f91a2b33823f92512870

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.9

Status affected

Version < 6.9

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.37

Status unaffected

Version <= 6.15.*

Version 6.15.6

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/5c5f0468d172ddec2e333d738d2a1f85402cf0bc

https://git.kernel.org/stable/c/5c966f447a584ece3c70395898231aeb56256ee7

https://git.kernel.org/stable/c/ead91de35d9cd5c4f80ec51e6020f342079170af

https://nvd.nist.gov/vuln/detail/CVE-2025-38383

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38383

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38383

EUVD