PT-2025-35954 · Linux+5 · Linux Kernel+5

Published

2025-06-20

·

Updated

2026-04-20

·

CVE-2025-38681

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the mm/ptdump component where the code can race with concurrent modifications of kernel page tables. Specifically, when intermediate levels of kernel page tables are freed, the dump code may dereference bogus addresses, potentially leading to issues. This occurs during memory hot remove operations and when checking for pages marked with write and execute permissions via the /sys/kernel/debug/kernel page tables/check wx pages interface, which calls the ptdump check wx() function. The issue is addressed by moving the memory hotplug lock inside the generic ptdump check wx() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Weakness Enumeration

CWE-366CWE-362

Related Identifiers

AZL-66815
BDU:2025-15764
CVE-2025-38681
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-DD2F-7E15-682A
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu