CVE-2025-38256 — Release of Invalid Pointer or Reference in Linux

CWE-763 — Release of Invalid Pointer or Reference17 documents6 sources

Severity

5.5MEDIUMNVD

OSV5.6

EPSS

0.0%

top 95.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJul 9

Latest updateNov 4

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: [ 108.070381][ T14] kernel BUG at mm/gup.c:71! [ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025 [ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work [ 108.174205][ T14] Call trace: [ 108.175649][ T14] sanity_check_pinned_…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.12 — 6.12.36+2

▶Debianlinux/linux_kernel< 6.12.37-1+1

▶CVEListV5linux/linuxa8edbb424b1391b077407c75d8f5d2ede77aa70d — 53fd75f25b223878b5fff14932e3a22f42b54f77+3

▶debiandebian/linux< linux 6.12.37-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-hwe-6.14 vulnerabilities↗2025-11-04

▶

OSV

linux-gcp-6.14 vulnerabilities↗2025-10-31

▶

OSV

linux-aws-6.14 vulnerabilities↗2025-10-24

▶

OSV

linux-realtime-6.14 vulnerabilities↗2025-10-22

▶

OSV

linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14 vulnerabilities↗2025-10-22

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2025-11-04

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2025-10-31

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2025-10-24

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-10-22

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2025-10-22

▶