CVE-2025-38071

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38071
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38071.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38071
Downstream
Published
2025-06-18T10:15:40Z
Modified
2025-08-12T21:01:19Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Check return value from memblockphysalloc_range()

At least with CONFIGPHYSICALSTART=0x100000, if there is < 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange() returns 0 on failure, which leads memblockphys_free() to throw the first 4 MiB of physical memory to the wolves.

At a minimum it should fail gracefully with a meaningful diagnostic, but in fact everything seems to work fine without the weird reserve allocation.

References

Affected packages