Buffer Overflow Vulnerability in Linux Kernel Affecting Memory Management
CVE-2025-39727

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 7 September 2025

What is CVE-2025-39727?

A vulnerability in the Linux kernel's memory management system may lead to a buffer overflow in setup_clusters(). This issue arises due to an insufficient check for badpage values, which may cause the application to attempt to access memory outside a designated range. Specifically, if a badpage value equals or exceeds the maximum allowable pages, a buffer overflow can occur, potentially resulting in system crashes or unpredictable behavior. This vulnerability has been addressed by restricting calls to inc_cluster_info_page() only for badpages that are less than the maxpages limit.

Affected Version(s)

Linux b843786b0bd01ced7fcdbf3b033d68db2f7c61b2 < 91b370800b3f2b3dda244c0ab06719c4971190a5

Linux b843786b0bd01ced7fcdbf3b033d68db2f7c61b2 < 9b01ada580ee84fb319e7ecb5fb5b1f54a9eb799

Linux b843786b0bd01ced7fcdbf3b033d68db2f7c61b2 < 815c528b13f2bb9b3130c13bedeabf2351a68129

References

https://git.kernel.org/stable/c/91b370800b3f2b3dda244c0ab...

https://git.kernel.org/stable/c/9b01ada580ee84fb319e7ecb5...

https://git.kernel.org/stable/c/815c528b13f2bb9b3130c13be...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2025
Vulnerability Reserved
Apr 16, 2025