CVE-2025-38085

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

Description

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec
https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185
https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b
https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8
https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f
https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9
https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d

Frequently Asked Questions

What is the severity of CVE-2025-38085?
CVE-2025-38085 has not yet been assigned a CVSS score.
How to fix CVE-2025-38085?
To fix CVE-2025-38085, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38085 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38085 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38085?
CVE-2025-38085 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.