CVE-2025-38564

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The perf mmap() function in the Linux kernel does not correctly handle buffer mapping failures. Specifically, if mapping a buffer read-only into the page table fails after successful allocation or attachment, the function leaks reference counts, corrupts user virtual memory accounting, and results in an unbalanced invocation of event::event mapped(). This occurs because the event::event mapped() invocation is performed before the map range() call, and perf mmap close() is not invoked on map range() failure, leading to resource leaks and accounting errors.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-911

Related Identifiers

BDU:2025-10723

CVE-2025-38564

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

Affected Products

Astra Linux

Linux Kernel

Suse

CVE-2025-38564

Weakness Enumeration

Related Identifiers

Affected Products

References · 1263