CVE-2025-38447

25.07.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

mm/rmap: fix potential out-of-bounds page table access during batched unmap

As pointed out by David[1], the batched unmap logic in
try_to_unmap_one() may read past the end of a PTE table when a large
folio's PTE mappings are not fully contained within a single page
table.

While this scenario might be rare, an issue triggerable from userspace
must be fixed regardless of its likelihood.  This patch fixes the
out-of-bounds access by refactoring the logic into a new helper,
folio_unmap_pte_batch().

The new helper correctly calculates the safe batch size by capping the
scan at both the VMA and PMD boundaries.  To simplify the code, it also
supports partial batching (i.e., any number of pages from 1 up to the
calculated safe maximum), as there is no strong reason to special-case
for fully mapped folios.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.41-1 fixed
forky	6.16.3-1 fixed
sid	6.16.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-hwe

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	not-affected
trusty	dne

linux-hwe-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-hwe-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.11

plucky	dne
noble	ignored
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.14

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-lts-xenial

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	not-affected

linux-kvm

plucky	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-allwinner-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.0

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.3

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.14

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-hwe

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	not-affected
trusty	dne

linux-azure

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	not-affected

linux-azure-4.15

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.3

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gcp-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.11

plucky	dne
noble	ignored
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde

plucky	dne
noble	dne
jammy	not-affected
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-nvidia

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-bluefield

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-edge

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-fips

plucky	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-aws-fips

plucky	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-fips

plucky	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-fips

plucky	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	dne

linux-gcp-4.15

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.3

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gcp-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.11

plucky	dne
noble	ignored
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.14

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gke

plucky	dne
noble	not-affected
jammy	not-affected
focal	ignored
bionic	dne
xenial	ignored
trusty	dne

linux-gke-4.15

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gke-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gke-5.15

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gkeop

plucky	dne
noble	not-affected
jammy	not-affected
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gkeop-5.15

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-ibm

plucky	dne
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-ibm-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-iot

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-intel-iot-realtime

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency

plucky	dne
noble	not-affected
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.11

plucky	dne
noble	ignored
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia

plucky	dne
noble	not-affected
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-tegra

plucky	dne
noble	not-affected
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-tegra-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-tegra-igx

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.0

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.3

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.14

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-oem-5.6

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.10

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.13

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.14

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.17

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.0

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.1

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.8

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.11

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.14

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi2

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	ignored
xenial	ignored
trusty	dne

linux-raspi-5.4

plucky	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-raspi-realtime

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv

plucky	not-affected
noble	ignored
jammy	ignored
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.8

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.11

plucky	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.15

plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.8

plucky	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.14

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-5.19

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.2

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.5

plucky	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-xilinx-zynqmp

plucky	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-aws

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-oracle

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-raspi

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-realtime

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.11

plucky	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.
Published: 2025-07-27T22:00:00+00:00

References

https://git.kernel.org/stable/c/510fe9c15d07e765d96be9a9dc37e5057c6c09f4

https://git.kernel.org/stable/c/ddd05742b45b083975a0855ef6ebbf88cf1f532a