fkie_cve-2025-38364
Vulnerability from fkie_nvd
Published
2025-07-25 13:15
Modified
2025-07-25 15:29
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least)
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9e32f4700867abbd5d19abfcf698dbd0d2ce36a4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cf95f8426f889949b738f51ffcd72884411f3a6a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d69cd64bd5af41c6fd409313504089970edaf02f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e63032e66bca1d06e600033f3369ba3db3af0870
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fba46a5d83ca8decb338722fb4899026d8d9ead2
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations.  Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set.  This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: maple_tree: correcci\u00f3n del indicador MA_STATE_PREALLOC en mas_preallocate(). Borra temporalmente el indicador de preasignaci\u00f3n al solicitar asignaciones expl\u00edcitamente. Las asignaciones preexistentes ya se contabilizan en la solicitud mediante mas_node_count_gfp(), pero las asignaciones no se realizar\u00e1n si el indicador MA_STATE_PREALLOC est\u00e1 activado. Este indicador evita la reasignaci\u00f3n en modo de asignaci\u00f3n masiva y detecta problemas con los c\u00e1lculos de preasignaci\u00f3n. El indicador MA_STATE_PREALLOC debe estar siempre activado en asignaciones cero para que la detecci\u00f3n de asignaciones por desbordamiento imprima un WARN_ON() durante el consumo. El efecto visible para el usuario de esta falla es un WARN_ON() seguido de una desreferencia de puntero nulo cuando se ignoran solicitudes posteriores de un mayor n\u00famero de nodos, como el reintento de fusi\u00f3n de vma en mmap_region() causado por controladores que alteran los indicadores de vma (al menos en la versi\u00f3n 6.6)."
    }
  ],
  "id": "CVE-2025-38364",
  "lastModified": "2025-07-25T15:29:19.837",
  "metrics": {},
  "published": "2025-07-25T13:15:25.260",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9e32f4700867abbd5d19abfcf698dbd0d2ce36a4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cf95f8426f889949b738f51ffcd72884411f3a6a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d69cd64bd5af41c6fd409313504089970edaf02f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e63032e66bca1d06e600033f3369ba3db3af0870"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fba46a5d83ca8decb338722fb4899026d8d9ead2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.