CVE-2025-38504

EUVD-2025-25094
In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix pp destruction warnings

With multiple page pools and in some other cases we can have allocated
niovs on page pool destruction. Remove a misplaced warning checking that
all niovs are returned to zcrx on io_pp_zc_destroy(). It was reported
before but apparently got lost.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.15 ≤
𝑥
< 6.15.7
linuxlinux_kernel
6.16:rc1
linuxlinux_kernel
6.16:rc2
linuxlinux_kernel
6.16:rc3
linuxlinux_kernel
6.16:rc4
linuxlinux_kernel
6.16:rc5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.172-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-5
fixed
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
References
https://git.kernel.org/stable/c/203817de269539c062724d97dfa5af3cdf77a3ec
https://git.kernel.org/stable/c/ad9f1b5bed082b9c910e2a24bae0286a70846909