Linux Kernel Infinite Recursion Vulnerability in Memory Buffer Allocation
CVE-2025-38690
What is CVE-2025-38690?
A vulnerability exists in the Linux kernel due to improper handling of buffer allocation in the DRM (Direct Rendering Manager) subsystem. When the buffer plus offset is not aligned to XE_CACHELINE_BYTES, a fallback mechanism allocates the buffer on the stack. If this buffer is also misaligned, the function recurses indefinitely. This leads to a potential stack overflow, resulting in a kernel panic as the system resources are exhausted. The vulnerability has been addressed by transitioning from stack allocation to kmalloc, ensuring correct memory alignment and preventing the recursion issue.
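The failure mode described above can be reproduced in a small user-space model. This is an added example, not the kernel's code: the function names, the `skew` parameter (which makes the stack slot's placement deterministic), the depth guard, and the value 64 standing in for XE_CACHELINE_BYTES are all assumptions, and `aligned_alloc` plays the role kmalloc has in the fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CACHELINE 64u   /* assumed stand-in for XE_CACHELINE_BYTES */
#define DEPTH_GUARD 16  /* model-only; the flawed pattern has no such limit */

static _Alignas(64) uint8_t sample[2 * CACHELINE]; /* constructed input */

static int misaligned(const uint8_t *buf, size_t offset)
{
    return (((uintptr_t)buf + offset) & (CACHELINE - 1)) != 0;
}

/* Flawed pattern: bounce through a stack array and call ourselves again.
 * A uint8_t array is only guaranteed 1-byte alignment; skew = 1 constructs
 * the unlucky placement. Returns the depth reached, -1 if the guard trips. */
static int access_stack_bounce(const uint8_t *buf, size_t offset, size_t skew, int depth)
{
    uint8_t raw[2 * CACHELINE];
    if (!misaligned(buf, offset))
        return depth;               /* aligned: the transfer would run here */
    if (depth >= DEPTH_GUARD)
        return -1;                  /* without a guard this keeps eating stack */
    /* round raw up to a cacheline boundary, then apply the constructed skew */
    return access_stack_bounce(raw + ((-(uintptr_t)raw) & (CACHELINE - 1)) + skew,
                               0, skew, depth + 1);
}

/* Fixed pattern: the bounce buffer comes from an allocator that honours the
 * alignment request, so the second call always takes the aligned path. */
static int access_heap_bounce(const uint8_t *buf, size_t offset, int depth)
{
    uint8_t *bounce;
    int ret;
    if (!misaligned(buf, offset))
        return depth;
    bounce = aligned_alloc(CACHELINE, CACHELINE);
    if (!bounce)
        return -2;                  /* allocation failure is reported, not retried */
    ret = access_heap_bounce(bounce, 0, depth + 1);
    free(bounce);
    return ret;
}

int main(void)
{
    printf("stack bounce: %d, heap bounce: %d\n",
           access_stack_bounce(sample, 3, 1, 0), access_heap_bounce(sample, 3, 0));
    return 0;
}
```

A return of -1 from the stack variant marks the point where the unguarded pattern would continue recursing; the heap variant always stops after one bounce.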
Affected Version(s)
Linux 270172f64b114451876c1b68912653e72ab99f38 < 89f511c024879c5812cc0c010a6663b5e49950f3
Linux 270172f64b114451876c1b68912653e72ab99f38 < 9d7a1cbebbb691891671def57407ba2f8ee914e8
Linux 6.16