#VU112121 Buffer overflow in Linux kernel - CVE-2025-38085
Published: July 2, 2025
Vulnerability identifier: #VU112121
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38085
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f
- https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d
- https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec
- https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185
- https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9
- https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b
- https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8