CVE-2025-38563Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count21 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedAug 19
Latest updateDec 16

Description

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is established, subsequent mapping have to use the same offset and the same size in both cases. The reference counting for the ringbuffer and the auxiliary buffer depends on this being correct. Though perf does

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel4.15.4.297+7
Debianlinux/linux_kernel< 5.10.244-1+3
CVEListV5linux/linux45bfb2e50471abbbfd83d40d28c986078b0d24ffe4346ffec2c44d6b0be834d59b20632b5bb5729e+9

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2025-38563: In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful abou2025-08-19
CVEList
perf/core: Prevent VMA split of buffer mappings2025-08-19
GHSA
GHSA-722p-jvv6-w5fv: In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful ab2025-08-19

📋Vendor Advisories

17
Ubuntu
Linux kernel (Azure) vulnerabilities2025-12-16
Ubuntu
Linux kernel (Azure) vulnerabilities2025-12-15
Ubuntu
Linux kernel (KVM) vulnerabilities2025-12-15
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-12-15
Ubuntu
Linux kernel vulnerabilities2025-12-05
CVE-2025-38563 — Improper Update of Reference Count | cvebase