CVE-2025-38510
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38510
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38510.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38510
- Downstream
- Related
- Published
- 2025-08-16T11:15:44Z
- Modified
- 2025-08-30T18:00:21Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
kasan: remove kasanfindvm_area() to prevent possible deadlock
findvmarea() couldn't be called in atomiccontext. If findvm_area() is called to reports vm area information, kasan can trigger deadlock like:
CPU0 CPU1 vmalloc(); allocvmaparea(); spinlock(&vn->busy.lock) spinlockbh(&somelock); <interrupt occurs> <in softirq> spinlock(&somelock); <access invalid address> kasanreport(); printreport(); printaddressdescription(); kasanfindvmarea(); findvmarea(); spinlock(&vn->busy.lock) // deadlock!
To prevent possible deadlock while kasan reports, remove kasanfindvm_area().
- References
-
- https://git.kernel.org/stable/c/0c3566d831def922cd56322c772a7b20d8b0e0c0
- https://git.kernel.org/stable/c/2d89dab1ea6086e6cbe6fe92531b496fb6808cb9
- https://git.kernel.org/stable/c/595f78d99b9051600233c0a5c4c47e1097e6ed01
- https://git.kernel.org/stable/c/6ee9b3d84775944fb8c8a447961cd01274ac671c
- https://git.kernel.org/stable/c/8377d7744bdce5c4b3f1b58924eebd3fdc078dfc