#VU112119 Improper locking in Linux kernel - CVE-2025-38084


Vulnerability identifier: #VU112119

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38084

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/081056dc00a27bccb55ccc3c6f230a3d5fd3f7e0
https://git.kernel.org/stable/c/2511ac64bc1617ca716d3ba8464e481a647c1902
https://git.kernel.org/stable/c/366298f2b04d2bf1f2f2b7078405bdf9df9bd5d0
https://git.kernel.org/stable/c/8a21d5584826f4880f45bbf8f72375f4e6c0ff2a
https://git.kernel.org/stable/c/9cf5b2a3b72c23fb7b84736d5d19ee6ea718762b
https://git.kernel.org/stable/c/af6cfcd0efb7f051af221c418ec8b37a10211947
https://git.kernel.org/stable/c/e8847d18cd9fff1edbb45e963d9141273c3b539c

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP4 update for kernel
SUSE update for the Linux Kernel
openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
SUSE update for the Linux Kernel
Ubuntu update for linux-hwe-6.14
Ubuntu update for linux-gcp-6.14
Ubuntu update for linux-aws-6.14