Out-of-Bounds Access in Linux Kernel's Memory Management
CVE-2025-38447
What is CVE-2025-38447?
A vulnerability in the Linux kernel's memory management (mm) subsystem can lead to out-of-bounds memory access during batched unmapping. The try_to_unmap_one() function may read past the end of a page table's Page Table Entry (PTE) array when it batches the PTEs of a large folio whose mapping is not fully contained within a single page table. The scenario is uncommon, but the fix was considered critical because the condition can be triggered from userspace. The patch refactors the batching logic into a new helper, folio_unmap_pte_batch(), which keeps each batch within the current Virtual Memory Area (VMA) and Page Middle Directory (PMD) boundaries, so a large folio is unmapped in partial batches rather than one batch that can run off the end of the page table.
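As an added illustration (not the kernel's code or the patch itself), the following userspace C model contrasts an unbounded batch length with one clamped to the VMA end and the page-table (PMD) boundary, which is the bound the description attributes to folio_unmap_pte_batch(). It assumes 4 KiB pages and 512 PTEs per page table, and all addresses are constructed.

```c
#include <stdio.h>

/* Constructed userspace model, not kernel code. Assumes 4 KiB pages and
 * 512 PTEs per page table, so one PMD entry covers 2 MiB of address space. */
#define PAGE_SHIFT   12
#define PAGE_SIZE    (1UL << PAGE_SHIFT)
#define PTRS_PER_PTE 512UL
#define PMD_SIZE     (PAGE_SIZE * PTRS_PER_PTE)
#define PMD_MASK     (~(PMD_SIZE - 1))

/* Next PMD boundary after addr, or end if that comes first (same idea as
 * the kernel's pmd_addr_end() macro). */
static unsigned long pmd_addr_end(unsigned long addr, unsigned long end)
{
    unsigned long boundary = (addr + PMD_SIZE) & PMD_MASK;
    return (boundary - 1 < end - 1) ? boundary : end;
}

/* Unbounded batch: covers the whole remaining folio no matter where the
 * current page table ends, so the PTE walk can run off the PTE array. */
unsigned long unsafe_batch_len(unsigned long addr, unsigned long vma_end,
                               unsigned long folio_pages_left)
{
    (void)addr; (void)vma_end;
    return folio_pages_left;
}

/* Clamped batch: never crosses the VMA end or the end of the current page
 * table; the remainder of the folio is handled on a later iteration. */
unsigned long safe_batch_len(unsigned long addr, unsigned long vma_end,
                             unsigned long folio_pages_left)
{
    unsigned long end_addr = pmd_addr_end(addr, vma_end);
    unsigned long max_nr = (end_addr - addr) >> PAGE_SHIFT;
    return folio_pages_left < max_nr ? folio_pages_left : max_nr;
}

/* 1 if a batch of nr PTEs starting at addr stays inside one PTE array. */
int batch_stays_in_table(unsigned long addr, unsigned long nr)
{
    unsigned long idx = (addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
    return idx + nr <= PTRS_PER_PTE;
}

int main(void)
{
    /* 64-page folio mapped 16 pages before a PMD boundary (constructed). */
    unsigned long addr = 0x101F0000UL, vma_end = 0x10400000UL, left = 64;
    printf("unbounded=%lu in-table=%d\n", unsafe_batch_len(addr, vma_end, left),
           batch_stays_in_table(addr, unsafe_batch_len(addr, vma_end, left)));
    printf("clamped=%lu in-table=%d\n", safe_batch_len(addr, vma_end, left),
           batch_stays_in_table(addr, safe_batch_len(addr, vma_end, left)));
    return 0;
}
```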
Affected Version(s)
Linux 354dffd29575cdf13154e8fb787322354aa9efc4 < 510fe9c15d07e765d96be9a9dc37e5057c6c09f4
Linux 354dffd29575cdf13154e8fb787322354aa9efc4
Linux 6.15