CVE-2025-38071
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-12-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 6.1.141 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.93 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.31 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.14.9 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's memory allocation code for x86 architecture. Specifically, when there is less than 4 MiB of contiguous free memory available, the function memblock_phys_alloc_range() can fail and return 0. The kernel does not properly check this failure return value, which causes memblock_phys_free() to incorrectly release the first 4 MiB of physical memory, leading to a kernel crash. The issue arises because the kernel does not handle this failure gracefully and lacks meaningful diagnostics.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash if the system has less than 4 MiB of contiguous free memory at a critical point during boot or memory allocation. Such a crash can lead to system instability, downtime, and potential data loss or service interruption.