PT-2025-28884 · Linux+5 · Linux Kernel+5

Syzbot · Published 2025-07-09 · Updated 2026-03-04 · CVE-2025-38256

CVSS v2.0: 7.7 (High)

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)
Description: A flaw exists in the Linux kernel's io_uring resource management related to folio unpinning. Specifically, the issue arises when a tail page of a folio is pinned, and the io_uring mechanism attempts to unpin the head page of the same folio. While this doesn't necessarily lead to immediate data corruption, it violates memory management expectations and triggers debug warnings. The recommended solution is to utilize unpin_user_folio() instead of unpin_user_page*.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-10754
CVE-2025-38256
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1

Affected Products

Astra Linux
Linux Kernel
Linux Mint
RED OS
SUSE
Ubuntu