CVE-2025-38085

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

huge_pmd_unshare() drops a reference on a page table that may have
previously been shared across processes, potentially turning it into a
normal page table used in another process in which unrelated VMAs can
afterwards be installed.

If this happens in the middle of a concurrent gup_fast(), gup_fast() could
end up walking the page tables of another process.  While I don't see any
way in which that immediately leads to kernel memory corruption, it is
really weird and unexpected.

Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),
just like we do in khugepaged when removing page tables for a THP
collapse.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux-hwe
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-hwe-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-hwe-5.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.11
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-hwe-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.11
plucky
dne
oracular
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-edge
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-lts-xenial
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
ignored
linux-kvm
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-allwinner-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.0
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-aws-5.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.11
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-aws-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-hwe
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
ignored
trusty
dne
linux-azure
plucky
needed
oracular
ignored
noble
needed
jammy
needed
focal
ignored
bionic
ignored
xenial
ignored
trusty
ignored
linux-azure-4.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-azure-5.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-azure-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-azure-5.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.11
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-6.11
plucky
dne
oracular
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
not-affected
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-fde-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-azure-nvidia
plucky
dne
oracular
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-bluefield
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-azure-edge
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-fips
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
needed
bionic
needed
xenial
needed
trusty
dne
linux-aws-fips
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
needed
bionic
needed
xenial
dne
trusty
dne
linux-azure-fips
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
needed
bionic
needed
xenial
dne
trusty
dne
linux-gcp-fips
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
needed
bionic
needed
xenial
dne
trusty
dne
linux-gcp
plucky
needed
oracular
ignored
noble
needed
jammy
needed
focal
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-gcp-4.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gcp-5.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gcp-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gcp-5.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.11
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gcp-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.11
plucky
dne
oracular
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gke
plucky
dne
oracular
dne
noble
needed
jammy
needed
focal
ignored
bionic
dne
xenial
ignored
trusty
dne
linux-gke-4.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gke-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gke-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gkeop
plucky
dne
oracular
dne
noble
needed
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-gkeop-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gkeop-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-ibm
plucky
dne
oracular
dne
noble
needed
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-ibm-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-ibm-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-intel-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-intel-iotg
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-intel-iotg-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-iot
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-intel-iot-realtime
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency
plucky
dne
oracular
ignored
noble
needed
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lowlatency-hwe-6.11
plucky
dne
oracular
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia
plucky
dne
oracular
dne
noble
needed
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-lowlatency
plucky
dne
oracular
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-tegra
plucky
dne
oracular
dne
noble
needed
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-tegra-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-tegra-igx
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.0
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.3
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-oracle-5.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.11
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oracle-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oracle-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-oem-5.6
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.10
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.13
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.14
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-oem-5.17
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.0
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.1
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.8
plucky
dne
oracular
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.11
plucky
dne
oracular
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-6.14
plucky
dne
oracular
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-raspi2
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-raspi-5.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
dne
trusty
dne
linux-raspi-realtime
plucky
dne
oracular
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv
plucky
needed
oracular
ignored
noble
ignored
jammy
ignored
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.11
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.15
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-riscv-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv-6.14
plucky
dne
oracular
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-5.19
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-6.2
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-6.5
plucky
dne
oracular
dne
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-xilinx-zynqmp
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux
plucky
needed
oracular
ignored
noble
needed
jammy
pending
focal
ignored
bionic
ignored
xenial
ignored
trusty
ignored
linux-aws
plucky
needed
oracular
ignored
noble
needed
jammy
needed
focal
ignored
bionic
ignored
xenial
ignored
trusty
ignored
linux-oracle
plucky
needed
oracular
ignored
noble
needed
jammy
needed
focal
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-raspi
plucky
needed
oracular
ignored
noble
needed
jammy
needed
focal
ignored
bionic
dne
xenial
dne
trusty
dne
linux-realtime
plucky
needed
oracular
ignored
noble
needed
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-intel
plucky
dne
oracular
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-ibm-6.8
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-aws-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-gcp-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oracle-6.14
plucky
dne
noble
needed
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-6.11
plucky
dne
noble
ignored
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f
https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d
https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec
https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185
https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9
https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b
https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8
https://project-zero.issues.chromium.org/issues/420715744