CVE-2025-38364
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-12-16

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()

Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations.

The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption.

The user-visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when a subsequent request for a larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least).
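To make the flag logic in the description concrete, here is a reduced C model of it. This is an added illustration, not code from the kernel or from this advisory: the mas_* names and MA_STATE_PREALLOC are borrowed from the kernel for readability, but the structures, the flag's bit value, the list-based allocator and the scenario functions are assumptions of this model rather than what lib/maple_tree.c does. It shows the two halves of the fix side by side: the stale flag suppressing a larger second reservation (the mmap_region() retry shape), and the zero-size reservation that must still set the flag so that the WARN_ON() fires on underflow.

```c
#include <stdlib.h>

#define MA_STATE_PREALLOC 0x1u   /* flag bit; the value is a model assumption */

struct node { struct node *next; };

struct ma_state {
    unsigned flags;       /* MA_STATE_* bits */
    unsigned allocated;   /* nodes held on the preallocation list */
    struct node *alloc;   /* the preallocation list itself */
    int warned;           /* set when a pop underflows in preallocated mode */
};

/* Model of mas_node_count_gfp(): top the list up to `count` nodes, except
 * that, as the description says, nothing is allocated while the flag is set. */
static void mas_node_count_model(struct ma_state *mas, unsigned count)
{
    if (mas->flags & MA_STATE_PREALLOC)
        return;
    while (mas->allocated < count) {
        struct node *n = calloc(1, sizeof *n);
        if (!n) abort();
        n->next = mas->alloc;
        mas->alloc = n;
        mas->allocated++;
    }
}

/* Before the fix: a flag left over from an earlier call suppresses the
 * allocation, and a zero request never sets the flag at all. */
void mas_preallocate_before(struct ma_state *mas, unsigned request)
{
    if (!request)
        return;
    mas_node_count_model(mas, request);
    mas->flags |= MA_STATE_PREALLOC;
}

/* After the fix: clear the flag while the explicit request is served, then
 * set it unconditionally so an underflow is reported when nodes are used. */
void mas_preallocate_after(struct ma_state *mas, unsigned request)
{
    if (request) {
        mas->flags &= ~MA_STATE_PREALLOC;
        mas_node_count_model(mas, request);
    }
    mas->flags |= MA_STATE_PREALLOC;
}

/* Consumption: pop one reserved node. An empty list in preallocated mode is
 * the underflow the kernel reports with WARN_ON(); the NULL is then used. */
static struct node *mas_pop_node_model(struct ma_state *mas)
{
    struct node *n = mas->alloc;
    if (!n) {
        if (mas->flags & MA_STATE_PREALLOC)
            mas->warned = 1;
        return NULL;
    }
    mas->alloc = n->next;
    mas->allocated--;
    return n;
}

#define SCN_NULL 1   /* the store consumed a NULL node (kernel would oops) */
#define SCN_WARN 2   /* WARN_ON() fired first */

/* The mmap_region() retry shape from the description: reserve `first` nodes,
 * retry with a larger `second` before that reservation is consumed, then let
 * the store consume `second` nodes. Returns a mask of SCN_* bits. */
int retry_scenario(void (*prealloc)(struct ma_state *, unsigned),
                   unsigned first, unsigned second)
{
    struct ma_state mas = {0};
    struct node *n;
    int result = 0;

    prealloc(&mas, first);
    prealloc(&mas, second);
    for (unsigned i = 0; i < second; i++) {
        n = mas_pop_node_model(&mas);
        if (!n) { result |= SCN_NULL; break; }
        free(n);
    }
    if (mas.warned)
        result |= SCN_WARN;
    while ((n = mas.alloc) != NULL) { mas.alloc = n->next; free(n); }
    return result;
}

/* A zero-size reservation followed by one pop: only the fixed version leaves
 * the flag set, so only it reports the underflow. Returns 1 if it warned. */
int zero_request_scenario(void (*prealloc)(struct ma_state *, unsigned))
{
    struct ma_state mas = {0};

    prealloc(&mas, 0);
    (void)mas_pop_node_model(&mas);
    return mas.warned;
}
```

retry_scenario(mas_preallocate_before, 1, 3) returns SCN_NULL | SCN_WARN (3): the second, larger reservation is skipped because the flag from the first one is still set, and the store runs out of nodes; with mas_preallocate_after it returns 0. zero_request_scenario() shows the second part of the fix: only the corrected version leaves the flag set after a zero-size reservation, so only it reports the underflow (returns 1) instead of silently handing back NULL.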
Meta Information
Published: 2025-07-25
Last Modified: 2025-12-16
Generated: 2026-05-07
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Showing 8 associated CPEs

Vendor   Product        Version / Range
linux    linux_kernel   from 6.1 (inclusive) to 6.1.146 (exclusive)
linux    linux_kernel   from 6.2 (inclusive) to 6.6.99 (exclusive)
linux    linux_kernel   from 6.7 (inclusive) to 6.12.36 (exclusive)
linux    linux_kernel   from 6.13 (inclusive) to 6.15.5 (exclusive)
linux    linux_kernel   6.16 (three CPE entries listed with this version)
debian   debian_linux   11.0
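A quick way to turn the ranges above into a host check is the following C program, an added example that is not part of this advisory or of the kernel project. It parses the leading a.b.c of the running kernel's release string (as returned by uname) and compares it against the four stable ranges listed. The three bare 6.16 entries are left out because the page does not state which 6.16 builds they denote, and the Debian 11.0 entry is a distribution CPE without a kernel version range.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/utsname.h>

struct kver { int major, minor, patch; };

/* Parse the leading "a.b.c" of a release string such as "6.6.98-1-amd64";
 * a missing patch level is read as 0. Returns 1 on success, 0 if malformed. */
int parse_kver(const char *s, struct kver *v)
{
    char *end;

    v->major = v->minor = v->patch = 0;
    v->major = (int)strtol(s, &end, 10);
    if (end == s || *end != '.')
        return 0;
    s = end + 1;
    v->minor = (int)strtol(s, &end, 10);
    if (end == s)
        return 0;
    if (*end == '.') {
        s = end + 1;
        v->patch = (int)strtol(s, &end, 10);
        if (end == s)
            return 0;
    }
    return 1;
}

static int kver_cmp(struct kver a, struct kver b)
{
    if (a.major != b.major) return a.major - b.major;
    if (a.minor != b.minor) return a.minor - b.minor;
    return a.patch - b.patch;
}

/* Half-open [lo, hi) ranges exactly as the CPE table above gives them. */
static const struct { struct kver lo, hi; } affected[] = {
    { {6, 1, 0},  {6, 1, 146} },
    { {6, 2, 0},  {6, 6, 99}  },
    { {6, 7, 0},  {6, 12, 36} },
    { {6, 13, 0}, {6, 15, 5}  },
};

/* 1 if the upstream version lies in an affected range, 0 if it does not,
 * -1 if the release string could not be parsed. */
int kver_affected(const char *release)
{
    struct kver v;
    size_t i;

    if (!parse_kver(release, &v))
        return -1;
    for (i = 0; i < sizeof affected / sizeof affected[0]; i++)
        if (kver_cmp(v, affected[i].lo) >= 0 && kver_cmp(v, affected[i].hi) < 0)
            return 1;
    return 0;
}

int main(void)
{
    struct utsname u;
    int r;

    if (uname(&u) != 0) {
        perror("uname");
        return 2;
    }
    r = kver_affected(u.release);
    printf("%s: %s\n", u.release,
           r == 1 ? "upstream version in an affected range" :
           r == 0 ? "upstream version outside the listed ranges" :
                    "release string not parsed");
    return r == 1;   /* exit status 1 = version is in an affected range */
}
```

Compile it as an ordinary C file and run it; exit status 1 means the upstream version lies in one of the listed ranges. Treat that as a first pass only: distribution kernels routinely carry backported fixes without changing the base version, so confirm against the vendor's changelog or errata before classing a host as vulnerable or fixed.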
Helpful Resources
Exploitability

CWE ID   Description
CWE-476  NULL Pointer Dereference: the product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

This is a bug in the Linux kernel's maple tree, the data structure the memory manager uses to track virtual memory areas (VMAs). mas_preallocate() reserves the tree nodes an upcoming store will need and sets MA_STATE_PREALLOC to record that the reservation was made. If that flag is still set from an earlier reservation, the allocation path treats the new request as already satisfied and allocates nothing, so a later, larger request is silently ignored. When the store then consumes more nodes than were reserved, the kernel prints a WARN_ON() and dereferences a NULL node pointer. The fix clears the flag while the explicit allocation is performed and always sets it afterwards, even for a zero-size request, so that an underflow is caught by the WARN_ON() at consumption time. The trigger named in the commit message is the VMA merge retry in mmap_region() after a driver alters the vma flags.


How can this vulnerability impact me?

The user-visible effect is a kernel warning followed by a NULL pointer dereference, that is, a kernel oops or panic: a denial of service for the affected machine. The page classifies it as CWE-476 and describes no effect beyond the crash. It is reached through ordinary mmap() handling (the VMA merge retry in mmap_region() once a driver changes the vma flags), so a local process that can map such a device can bring down an unpatched kernel in the affected version ranges. The remedy is a kernel at or beyond 6.1.146, 6.6.99, 6.12.36 or 6.15.5, or a vendor kernel carrying the backported fix.
