Memory Management Vulnerability in Linux Kernel Affects x86 Architecture
CVE-2025-38071

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38071?

A vulnerability in the Linux kernel's memory management system can lead to potential crashes when the system fails to allocate memory. Specifically, in instances where the CONFIG_PHYSICAL_START is set to 0x100000, and less than 4 MiB of contiguous free memory is available, the function memblock_phys_alloc_range() can return a value of 0. This failure causes the kernel to mismanage the associated memory space, ultimately resulting in significant system instability. Ideally, the system should handle such failures gracefully and provide meaningful diagnostics to the user instead of compromising system integrity.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8c18c904d301ffeb33b071eadc55cd6131e1e9be

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/8c18c904d301ffeb33b071ead...

https://git.kernel.org/stable/c/bffd5f2815c5234d609725cd0...

https://git.kernel.org/stable/c/c6f2694c580c27dca0cf7546e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025