CVE-2025-38383

MEDIUM EPSS 1.6%
Published Jul 25, 202511mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Jul 25, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: show_numa_info mm/vmalloc.c:4936 [inline] vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: show_numa_info mm/vmalloc.c:4934 [inline] vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... value changed: 0x0000008f -> 0x00000000 ================================================================== According to this report,there is a read/write data-race because m->private is accessible to multiple CPUs. To fix this, instead of allocating the heap in proc_vmalloc_init() and passing the heap address to m->private, vmalloc_info_show() should allocate the heap.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.9  –  <6.12.37
linuxlinux_kernel*≥6.13  –  <6.15.6

References 3

  • git.kernel.org https://git.kernel.org/stable/c/5c5f0468d172ddec2e333d738d2a1f85402cf0bc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5c966f447a584ece3c70395898231aeb56256ee7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ead91de35d9cd5c4f80ec51e6020f342079170af
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5c5f0468d172ddec2e333d738d2a1f85402cf0bc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5c966f447a584ece3c70395898231aeb56256ee7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ead91de35d9cd5c4f80ec51e6020f342079170af
    Patch