CVE-2025-38681

MEDIUM EPSS 1.7%
Published Sep 4, 20259mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Sep 4, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables. When leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. But when intermediate levels of kernel page table are freed, the dump code will continue to use memory that has been freed and potentially reallocated for another purpose. In such cases, the ptdump code may dereference bogus addresses, leading to a number of potential problems. To avoid the above mentioned race condition, platforms such as arm64, riscv and s390 take memory hotplug lock, while dumping kernel page table via the sysfs interface /sys/kernel/debug/kernel_page_tables. Similar race condition exists while checking for pages that might have been marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages which in turn calls ptdump_check_wx(). Instead of solving this race condition again, let's just move the memory hotplug lock inside generic ptdump_check_wx() which will benefit both the scenarios. Drop get_online_mems() and put_online_mems() combination from all existing platform ptdump code paths.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥5.7  –  <5.10.241
linuxlinux_kernel*≥5.11  –  <5.15.190
linuxlinux_kernel*≥5.16  –  <6.1.149
linuxlinux_kernel*≥6.2  –  <6.6.103
linuxlinux_kernel*≥6.7  –  <6.12.43
linuxlinux_kernel*≥6.13  –  <6.15.11
linuxlinux_kernel*≥6.16  –  <6.16.2
debiandebian_linux11.0any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/1636b5e9c3543b87d673e32a47e7c18698882425
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ee9a8c27bfd72c3f465004fa8455785d61be5e8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59305202c67fea50378dcad0cc199dbc13a0e99a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/67995d4244694928ce701928e530b5b4adeb17b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69bea84b06b5e779627e7afdbf4b60a7d231c76f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac25ec5fa2bf6e606dc7954488e4dded272fa9cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca8c414499f2e5337a95a76be0d21b728ee31c6b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff40839e018b82c4d756d035f34a63aa2d93be83
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1636b5e9c3543b87d673e32a47e7c18698882425
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ee9a8c27bfd72c3f465004fa8455785d61be5e8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59305202c67fea50378dcad0cc199dbc13a0e99a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/67995d4244694928ce701928e530b5b4adeb17b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/69bea84b06b5e779627e7afdbf4b60a7d231c76f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac25ec5fa2bf6e606dc7954488e4dded272fa9cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca8c414499f2e5337a95a76be0d21b728ee31c6b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff40839e018b82c4d756d035f34a63aa2d93be83
    Patch