CVE-2025-38084
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-28

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process and racing rmap walks from other processes to cause page tables to be shared again before we actually perform the split. Fix it by explicitly calling into the hugetlb unshare logic from __split_vma() in the same place where THP splitting also happens. At that point, both the VMA and the rmap(s) are write-locked. An annoying detail is that we can now call into the helper hugetlb_unshare_pmds() from two different locking contexts: 1. from hugetlb_split(), holding: - mmap lock (exclusively) - VMA lock - file rmap lock (exclusively) 2. hugetlb_unshare_all_pmds(), which I think is designed to be able to call us with only the mmap lock held (in shared mode), but currently only runs while holding mmap lock (exclusively) and VMA lock Backporting note: This commit fixes a racy protection that was introduced in commit b30c14cd6102 ("hugetlb: unshare some PMDs when splitting VMAs"); that commit claimed to fix an issue introduced in 5.13, but it should actually also go all the way back. [[email protected]: v2]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-28
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-06-28
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38084
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 2.6.20 (inc) to 5.10.239 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.186 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.95 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.35 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.4 (exc)
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the timing of unsharing huge page tables during virtual memory area (VMA) splitting. The unsharing was triggered too early, before necessary locks were acquired, which allowed race conditions where page tables could be shared again improperly. The fix moves the unsharing to occur after acquiring the appropriate locks, preventing these race conditions and ensuring proper isolation of page tables during VMA splits.


How can this vulnerability impact me? :

This vulnerability can lead to race conditions in memory management, potentially causing page tables to be shared incorrectly between processes. This could result in memory corruption, data leakage, or instability in the system, impacting the security and reliability of applications running on the affected Linux kernel.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart