CVE-2025-38424
published 2025-07-25CVE-2025-38424: In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix sample vs do_exit()
Baisheng Gao reported an ARM64 crash, which Mark decoded as being a
synchronous external abort -- most likely due to trying to access
MMIO in bad ways.
The crash further shows perf trying to do a user stack sample while in
exit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address
space it is trying to access.
It turns out that we stop perf after we tear down the userspace mm; a
receipie for disaster, since perf likes to access userspace for
various reasons.
Flip this order by moving up where we stop perf in do_exit().
Additionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER
to abort when the current task does not have an mm (exit_mm() makes
sure to set current->mm = NULL; before commencing with the actual
teardown). Such that CPU wide events don't trip on this same problem.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 7b8f3c72175c6a63a95cf2e219f8b78e2baad34e | 7b8f3c72175c6a63a95cf2e219f8b78e2baad34e |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 507c9a595bad3abd107c6a8857d7fd125d89f386 | 507c9a595bad3abd107c6a8857d7fd125d89f386 |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < a9f6aab7910a0ef2895797f15c947f6d1053160f | a9f6aab7910a0ef2895797f15c947f6d1053160f |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 975ffddfa2e19823c719459d2364fcaa17673964 | 975ffddfa2e19823c719459d2364fcaa17673964 |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 2ee6044a693735396bb47eeaba1ac3ae26c1c99b | 2ee6044a693735396bb47eeaba1ac3ae26c1c99b |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 456019adaa2f5366b89c868dea9b483179bece54 | 456019adaa2f5366b89c868dea9b483179bece54 |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 7311970d07c4606362081250da95f2c7901fc0db | 7311970d07c4606362081250da95f2c7901fc0db |
| linux | linux | >= c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 < 4f6fc782128355931527cefe3eb45338abd8ab39 | 4f6fc782128355931527cefe3eb45338abd8ab39 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 6.12.35-1 | 6.12.35-1 |
| linux | linux_kernel | >= 0 < 5.15.0-156.166 | 5.15.0-156.166 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 3.7 < 5.4.295 | 5.4.295 |
| linux | linux_kernel | >= 5.11 < 5.15.186 | 5.15.186 |
| linux | linux_kernel | >= 5.16 < 6.1.142 | 6.1.142 |
| linux | linux_kernel | >= 5.5 < 5.10.239 | 5.10.239 |
| linux | linux_kernel | >= 6.13 < 6.15.4 | 6.15.4 |
| linux | linux_kernel | >= 6.2 < 6.6.95 | 6.6.95 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.6MEDIUM