Race Condition in Linux Kernel Userfaultfd Implementation Affecting Memcached

CVE-2025-38242

What is CVE-2025-38242?

A vulnerability in the Linux kernel userfaultfd implementation has been identified, resulting in a race condition that can lead to unreliable behavior when handling memory pages. Specifically, the function userfaultfd_move may experience conflicts during the management of swap entries, leading to potential incorrect memory references. This occurs when simultaneous operations from multiple CPUs manipulate memory references, causing a shared resource conflict and potentially corrupting the RSS (Resident Set Size) counter. Although the likelihood of this race condition manifesting is low due to its dependency on specific timing and sequence of operations, it remains a risk for configurations where memory management robustness is critical. Proper checks and locks are essential for ensuring memory integrity and avoiding inconsistencies.

References