CVE-2025-38242: Race Condition in Linux

Severity: 4.7 MEDIUM (NVD); 5.6 (OSV)
EPSS: 0.0% (top 94.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 9; Latest update Nov 4

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: userfaultfd: fix race of userfaultfd_move and swap cache

This commit fixes two kinds of races, they may have different results:

Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that.

If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted:

[ 406.893936] BUG: Bad rss-counter s

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 6.8 | 6.12.37 | +2
Debian | linux/linux_kernel | < 6.12.37-1 | +1
CVEListV5 | linux/linux | adef440691bab824e39c1b17382322d195e1fab0 | 4c443046d8c9ed8724a4f4c3c2457d3ac8814b2f | +3
debian | debian/linux | < linux 6.12.37-1 (forky)

Patches

Vulnerability Details (8)

OSV: linux-hwe-6.14 vulnerabilities (2025-11-04)
OSV: linux-gcp-6.14 vulnerabilities (2025-10-31)
OSV: linux-aws-6.14 vulnerabilities (2025-10-24)
OSV: linux-realtime-6.14 vulnerabilities (2025-10-22)
OSV: linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14 vulnerabilities (2025-10-22)

Vendor Advisories (8)

Ubuntu: Linux kernel (HWE) vulnerabilities (2025-11-04)
Ubuntu: Linux kernel (GCP) vulnerabilities (2025-10-31)
Ubuntu: Linux kernel (AWS) vulnerabilities (2025-10-24)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-10-22)
Ubuntu: Linux kernel (Real-time) vulnerabilities (2025-10-22)