๐Ÿ” CVE Alert

CVE-2025-38085

UNKNOWN 0.0

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jun 28, 2025
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < 952596b08c74e8fe9e2883d1dc8a8f54a37384ec 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < a3d864c901a300c295692d129159fc3001a56185 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < b7754d3aa7bf9f62218d096c0c8f6c13698fac8b 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < fe684290418ef9ef76630072086ee530b92f02b8 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < 034a52b5ef57c9c8225d94e9067f3390bb33922f 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < a6bfeb97941a9187833b526bc6cc4ff5706d0ce9 39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa < 1013af4f585fccc4d3e5c5824d174de2257f7d6d
Linux / Linux
2.6.20

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec git.kernel.org: https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185 git.kernel.org: https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b git.kernel.org: https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8 git.kernel.org: https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f git.kernel.org: https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9 git.kernel.org: https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d project-zero.issues.chromium.org: https://project-zero.issues.chromium.org/issues/420715744 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html