Memory Management Flaw in Linux Kernel Affects Multiple Systems
CVE-2025-38490

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38490?

A flaw in Linux kernel's memory management was identified that allows for a double free of memory pages when the page_pool_put_full_page() function is invoked incorrectly. This vulnerability can lead to kernel panic and system instability. The original implementation erroneously called this function during scenarios not intended for memory release, thus causing potential system crashes. Proper invocation is essential for maintaining kernel integrity and performance.

Affected Version(s)

Linux 3c47e8ae113a68da47987750d9896e325d0aeedd < 3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa

Linux 3c47e8ae113a68da47987750d9896e325d0aeedd < 08d18bda0d03f5ec376929a8c6c4495f9594593a

Linux 3c47e8ae113a68da47987750d9896e325d0aeedd < 003e4765d8661be97e650a833868c53d35574130

References

https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c...

https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c...

https://git.kernel.org/stable/c/003e4765d8661be97e650a833...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025