Memory Allocation Vulnerability in Linux Kernel Affecting Multiple Distributions
CVE-2025-38517
What is CVE-2025-38517?
The Linux kernel has a vulnerability in its memory allocation system caused by improper semaphore locking in the alloc_tag_top_users function. The problem arises when alloc_tag_cttype is either unallocated or incorrectly initialized, and it leads to a crash on memory allocation failure. If alloc_tag_cttype is NULL or represents an error state, the function attempts to acquire a semaphore that does not exist, which causes a general protection fault. The condition is easier to trigger in specific configurations, especially when memory profiling is disabled during boot, which makes the flaw significant for system stability.
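A userspace model of the missing validity check described above, added here as an illustration; it is not the kernel's code or the upstream patch. The names model_cttype, model_tag_cttype and model_top_users are hypothetical, the readers counter stands in for the semaphore, and the error-pointer macros mirror the kernel's helpers of the same name.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR_OR_NULL(p) (!(p) || (uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

/* Hypothetical model of a tag type that owns the lock guarding its tag list. */
struct model_cttype {
    int readers;          /* stands in for the semaphore */
    size_t ntags;         /* number of entries in bytes[] */
    const size_t *bytes;  /* constructed per-tag byte counts */
};

/* May be NULL (never allocated) or an error-encoded pointer (failed init). */
static struct model_cttype *model_tag_cttype;

/* Copies up to `count` byte counts into `out`; returns how many were copied,
 * or 0 when there is no valid tag type to lock. */
size_t model_top_users(size_t *out, size_t count)
{
    size_t n = 0;

    /* Without this check, the lock acquisition below would dereference NULL
     * or an error-encoded address: the fault the description refers to. */
    if (IS_ERR_OR_NULL(model_tag_cttype))
        return 0;

    model_tag_cttype->readers++;   /* acquire for reading */
    while (n < count && n < model_tag_cttype->ntags) {
        out[n] = model_tag_cttype->bytes[n];
        n++;
    }
    model_tag_cttype->readers--;   /* release */
    return n;
}
```

The point of the model is ordering: the pointer is validated before anything reachable through it, including its lock, is touched.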
Affected Version(s)
Linux 1438d349d16b78d88f9e978a4a5496f078c8191b
Linux 1438d349d16b78d88f9e978a4a5496f078c8191b < 22bf79c0c2301b6e15a688220284b147774d277e
Linux 1438d349d16b78d88f9e978a4a5496f078c8191b < 99af22cd34688cc0d535a1919e0bea4cbc6c1ea1