#VU112121 Buffer overflow in Linux kernel - CVE-2025-38085

Cybersecurity Help s.r.o.

Published: 2025-07-02

Vulnerability identifier: #VU112121

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38085

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f
https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d
https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec
https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185
https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9
https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b
https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in Linux kernel mm