CVE-2025-38565 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this case, which causes another reference count leak. Return early on failure to prevent that.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/07091aade394f690e7b655578140ef84d0e8d7b0
https://git.kernel.org/stable/c/163b0d1a209fe0df5476c1df2330ca12b55abf92
https://git.kernel.org/stable/c/27d44145bd576bbef9bf6165bcd78128ec3e6cbd
https://git.kernel.org/stable/c/7ff8521f30c4c2fcd4e88bd7640486602bf8a650
https://git.kernel.org/stable/c/92043120a2e992800580855498ab8507e1b22db9
https://git.kernel.org/stable/c/f41e9eba77bf97626e04296dc5677d02816d2432
https://lore.kernel.org/linux-cve-announce/2025081908-CVE-2025-38565-0f60@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38565
https://www.cve.org/CVERecord?id=CVE-2025-38565

History

Thu, 21 Aug 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 20 Aug 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025081908-CVE-2025-38565-0f60@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38565 https://www.cve.org/CVERecord?id=CVE-2025-38565
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 19 Aug 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this case, which causes another reference count leak. Return early on failure to prevent that.
Title		perf/core: Exit early on perf_mmap() fail
References		https://git.kernel.org/stable/c/07091aade394f690e7b655578140ef84d0e8d7b0 https://git.kernel.org/stable/c/163b0d1a209fe0df5476c1df2330ca12b55abf92 https://git.kernel.org/stable/c/27d44145bd576bbef9bf6165bcd78128ec3e6cbd https://git.kernel.org/stable/c/7ff8521f30c4c2fcd4e88bd7640486602bf8a650 https://git.kernel.org/stable/c/92043120a2e992800580855498ab8507e1b22db9 https://git.kernel.org/stable/c/f41e9eba77bf97626e04296dc5677d02816d2432

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-08-19T17:02:41.700Z

Updated: 2025-08-19T17:02:41.700Z

Reserved: 2025-04-16T04:51:24.025Z

Link: CVE-2025-38565

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-08-19T17:15:33.077

Modified: 2025-08-20T14:40:17.713

Link: CVE-2025-38565

Redhat

Severity : Low

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-38565 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object