CVE-2025-38564Detection of Error Condition Without Action in Linux

CWE-390Detection of Error Condition Without Action6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedAug 19

Description

In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful allocation of a buffer or a successful attachment to an existing buffer perf_mmap() tries to map the buffer read only into the page table. If that fails, the already set up page table entries are zapped, but the other perf specific side effects of that failure are not handled. The calling code just cleans up the VMA and does not invoke perf_mmap_cl

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel6.146.15.10+1
CVEListV5linux/linuxb709eb872e19a19607bbb6d2975bc264d59735cf831e1c90a5d72e6977a57c44f47c46b73a438695+3
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-m482-hf2v-9c7j: In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful2025-08-19
OSV
CVE-2025-38564: In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful al2025-08-19

📋Vendor Advisories

3
Red Hat
kernel: Linux kernel: Denial of Service due to improper perf_mmap() buffer mapping error handling2025-08-19
Debian
CVE-2025-38564: linux - In the Linux kernel, the following vulnerability has been resolved: perf/core: ...2025
Microsoft
bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE2024-06-11
CVE-2025-38564 — Linux vulnerability | cvebase