-

CVE-2025-38681

In the Linux kernel, the following vulnerability has been resolved:

mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

Memory hot remove unmaps and tears down various kernel page table regions
as required.  The ptdump code can race with concurrent modifications of
the kernel page tables.  When leaf entries are modified concurrently, the
dump code may log stale or inconsistent information for a VA range, but
this is otherwise not harmful.

But when intermediate levels of kernel page table are freed, the dump code
will continue to use memory that has been freed and potentially
reallocated for another purpose.  In such cases, the ptdump code may
dereference bogus addresses, leading to a number of potential problems.

To avoid the above mentioned race condition, platforms such as arm64,
riscv and s390 take memory hotplug lock, while dumping kernel page table
via the sysfs interface /sys/kernel/debug/kernel_page_tables.

Similar race condition exists while checking for pages that might have
been marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages
which in turn calls ptdump_check_wx().  Instead of solving this race
condition again, let's just move the memory hotplug lock inside generic
ptdump_check_wx() which will benefit both the scenarios.

Drop get_online_mems() and put_online_mems() combination from all existing
platform ptdump code paths.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
Product Linux
Default Statusunaffected
Version < 3ee9a8c27bfd72c3f465004fa8455785d61be5e8
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < 69bea84b06b5e779627e7afdbf4b60a7d231c76f
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < ac25ec5fa2bf6e606dc7954488e4dded272fa9cd
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < 1636b5e9c3543b87d673e32a47e7c18698882425
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < ff40839e018b82c4d756d035f34a63aa2d93be83
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < 67995d4244694928ce701928e530b5b4adeb17b4
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < ca8c414499f2e5337a95a76be0d21b728ee31c6b
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
Version < 59305202c67fea50378dcad0cc199dbc13a0e99a
Version bbd6ec605c0fc286c3f8ce60b4ed44635361d58b
Status affected
VendorLinux
Product Linux
Default Statusaffected
Version 5.7
Status affected
Version < 5.7
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.241
Status unaffected
Version <= 5.15.*
Version 5.15.190
Status unaffected
Version <= 6.1.*
Version 6.1.149
Status unaffected
Version <= 6.6.*
Version 6.6.103
Status unaffected
Version <= 6.12.*
Version 6.12.43
Status unaffected
Version <= 6.15.*
Version 6.15.11
Status unaffected
Version <= 6.16.*
Version 6.16.2
Status unaffected
Version <= *
Version 6.17-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.092
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string