{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38008","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.977Z","datePublished":"2025-06-18T09:28:19.358Z","dateUpdated":"2026-05-11T21:19:31.804Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:19:31.804Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the '-1' case though; since that means a\n\t * decrement is concurrent with a first (0->1) increment. IOW\n\t * people are trying to disable something that wasn't yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/internal.h","mm/mm_init.c","mm/page_alloc.c"],"versions":[{"version":"dcdfdd40fa82b6704d2841938e5c8ec3051eb0d6","lessThan":"98fdd2f612e949c652693f6df00442c81037776d","status":"affected","versionType":"git"},{"version":"dcdfdd40fa82b6704d2841938e5c8ec3051eb0d6","lessThan":"74953f93f47a45296cc2a3fd04e2a3202ff3fa53","status":"affected","versionType":"git"},{"version":"dcdfdd40fa82b6704d2841938e5c8ec3051eb0d6","lessThan":"71dda1cb10702dc2859f00eb789b0502de2176a9","status":"affected","versionType":"git"},{"version":"dcdfdd40fa82b6704d2841938e5c8ec3051eb0d6","lessThan":"fefc075182275057ce607effaa3daa9e6e3bdc73","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/internal.h","mm/mm_init.c","mm/page_alloc.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.6.92","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.30","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.8","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.12.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.14.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/98fdd2f612e949c652693f6df00442c81037776d"},{"url":"https://git.kernel.org/stable/c/74953f93f47a45296cc2a3fd04e2a3202ff3fa53"},{"url":"https://git.kernel.org/stable/c/71dda1cb10702dc2859f00eb789b0502de2176a9"},{"url":"https://git.kernel.org/stable/c/fefc075182275057ce607effaa3daa9e6e3bdc73"}],"title":"mm/page_alloc: fix race condition in unaccepted memory handling","x_generator":{"engine":"bippy-1.2.0"}}}}