CVE-2025-38447
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential out-of-bounds page table access in the Linux kernel's memory management subsystem. Specifically, during the batched unmap operation in the try_to_unmap_one() function, the code may read beyond the end of a page table entry (PTE) table when a large memory folio's PTE mappings span multiple page tables. Although this situation is rare, it can be triggered from userspace. The issue was fixed by refactoring the logic into a new helper function that safely calculates the batch size to avoid reading past boundaries.
How can this vulnerability impact me? :
This vulnerability could potentially lead to out-of-bounds memory access in the kernel, which might cause system instability, crashes, or potentially allow an attacker to exploit the kernel memory for privilege escalation or other malicious activities. Since it can be triggered from userspace, it poses a security risk to systems running vulnerable Linux kernel versions.