CVE-2025-38565

perf/core: Exit early on perf_mmap() fail

Description

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this case, which causes another reference count leak. Return early on failure to prevent that.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5ffda7f3ed76ec8defc19d985e33b3b82ba07839
https://git.kernel.org/stable/c/9b90a48c7de828a15c7a4fc565d46999c6e22d6b
https://git.kernel.org/stable/c/de85e72598d89880a02170a1cbc27b35a7d978a9
https://git.kernel.org/stable/c/27d44145bd576bbef9bf6165bcd78128ec3e6cbd
https://git.kernel.org/stable/c/f41e9eba77bf97626e04296dc5677d02816d2432
https://git.kernel.org/stable/c/92043120a2e992800580855498ab8507e1b22db9
https://git.kernel.org/stable/c/163b0d1a209fe0df5476c1df2330ca12b55abf92
https://git.kernel.org/stable/c/7ff8521f30c4c2fcd4e88bd7640486602bf8a650
https://git.kernel.org/stable/c/07091aade394f690e7b655578140ef84d0e8d7b0

Frequently Asked Questions

What is the severity of CVE-2025-38565?
CVE-2025-38565 has not yet been assigned a CVSS score.
How to fix CVE-2025-38565?
To fix CVE-2025-38565, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38565 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38565 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38565?
CVE-2025-38565 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.