CVE-2025-39776 — Use After Free in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 11
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
mm/debug_vm_pgtable: clear page table entries at destroy_args()
The mm/debug_vm_pagetable test allocates manually page table entries for
the tests it runs, using also its manually allocated mm_struct. That in
itself is ok, but when it exits, at destroy_args() it fails to clear those
entries with the *_clear functions.
The problem is that leaves stale entries. If another process allocates an
mm_struct with a pgd at the same ad…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linux3c9b84f044a9e54cf56d1b2c9b80a2d2ce56d70a — 7bf57a0709cd7c9088cea8de023d6f4fbf2518b0+6
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-84v6-6vmq-3v62: In the Linux kernel, the following vulnerability has been resolved:
mm/debug_vm_pgtable: clear page table entries at destroy_args()
The mm/debug_vm_↗2025-09-11
OSV▶
CVE-2025-39776: In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pa↗2025-09-11