NVD

CVE-2025-38563 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is established, subsequent mapping have to use the same offset and the same size in both cases. The reference counting for the ringbuffer and the auxiliary buffer depends on this being correct. Though perf does not prevent that a related mapping is split via mmap(2), munmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls, which take reference counts, but then the subsequent perf_mmap_close() calls are not longer fulfilling the offset and size checks. This leads to reference count leaks. As perf already has the requirement for subsequent mappings to match the initial mapping, the obvious consequence is that VMA splits, caused by resizing of a mapping or partial unmapping, have to be prevented. Implement the vm_operations_struct::may_split() callback and return unconditionally -EINVAL. That ensures that the mapping offsets and sizes cannot be changed after the fact. Remapping to a different fixed address with the same size is still possible as it takes the references for the new mapping and drops those of the old mapping.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/3bd518cc7ea61076bcd725e36ff0e690754977c0	kernel.org	Patch
https://git.kernel.org/stable/c/65311aad4c808bedad0c05d9bb8b06c47dae73eb	kernel.org	Patch
https://git.kernel.org/stable/c/6757a31a8e295ae4f01717a954afda173f25a121	kernel.org	Patch
https://git.kernel.org/stable/c/7b84cb58d1f0aa07656802eae24689566e5f5b1b	kernel.org	Patch
https://git.kernel.org/stable/c/b024d7b56c77191cde544f838debb7f8451cd0d6	kernel.org	Patch
https://git.kernel.org/stable/c/d52451a9210f2e5a079ba052918c93563518a9ff	kernel.org	Patch
https://git.kernel.org/stable/c/e4346ffec2c44d6b0be834d59b20632b5bb5729e	kernel.org	Patch
https://git.kernel.org/stable/c/e529888b7e8092912dd8789bdfc76685ccd2ff5f	kernel.org	Patch
https://git.kernel.org/stable/c/ff668930871e0198c7f4e325058b8b7c286787bd	kernel.org	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	CVE	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	CVE	Mailing List Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-873/	kernel.org	Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Initial Analysis by NIST 1/08/2026 4:03:06 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:debian:debian_linux:11.0:::::::
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.148 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.190 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.241 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.16 up to (excluding) 6.16.1 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.13 up to (excluding) 6.15.10 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.12.42 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 up to (excluding) 6.6.102 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.1 up to (excluding) 5.4.297
Added	Reference Type	CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Types: Mailing List, Third Party Advisory
Added	Reference Type	CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Types: Mailing List, Third Party Advisory
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/3bd518cc7ea61076bcd725e36ff0e690754977c0 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/65311aad4c808bedad0c05d9bb8b06c47dae73eb Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/6757a31a8e295ae4f01717a954afda173f25a121 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/7b84cb58d1f0aa07656802eae24689566e5f5b1b Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/b024d7b56c77191cde544f838debb7f8451cd0d6 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/d52451a9210f2e5a079ba052918c93563518a9ff Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e4346ffec2c44d6b0be834d59b20632b5bb5729e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e529888b7e8092912dd8789bdfc76685ccd2ff5f Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/ff668930871e0198c7f4e325058b8b7c286787bd Types: Patch
Added	Reference Type	kernel.org: https://www.zerodayinitiative.com/advisories/ZDI-25-873/ Types: Third Party Advisory

New CVE Received from kernel.org 8/19/2025 1:15:32 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is established, subsequent mapping have to use the same offset and the same size in both cases. The reference counting for the ringbuffer and the auxiliary buffer depends on this being correct. Though perf does not prevent that a related mapping is split via mmap(2), munmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls, which take reference counts, but then the subsequent perf_mmap_close() calls are not longer fulfilling the offset and size checks. This leads to reference count leaks. As perf already has the requirement for subsequent mappings to match the initial mapping, the obvious consequence is that VMA splits, caused by resizing of a mapping or partial unmapping, have to be prevented. Implement the vm_operations_struct::may_split() callback and return unconditionally -EINVAL. That ensures that the mapping offsets and sizes cannot be changed after the fact. Remapping to a different fixed address with the same size is still possible as it takes the references for the new mapping and drops those of the old mapping.
Added	Reference	https://git.kernel.org/stable/c/65311aad4c808bedad0c05d9bb8b06c47dae73eb
Added	Reference	https://git.kernel.org/stable/c/6757a31a8e295ae4f01717a954afda173f25a121
Added	Reference	https://git.kernel.org/stable/c/7b84cb58d1f0aa07656802eae24689566e5f5b1b
Added	Reference	https://git.kernel.org/stable/c/b024d7b56c77191cde544f838debb7f8451cd0d6
Added	Reference	https://git.kernel.org/stable/c/e529888b7e8092912dd8789bdfc76685ccd2ff5f
Added	Reference	https://git.kernel.org/stable/c/ff668930871e0198c7f4e325058b8b7c286787bd

Quick Info

CVE Dictionary Entry:
CVE-2025-38563
NVD Published Date:
08/19/2025
NVD Last Modified:
01/08/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2025-38563 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 1/08/2026 4:03:06 PM

CVE Modified by CVE 11/03/2025 1:16:29 PM

CVE Modified by kernel.org 10/10/2025 12:15:51 PM

CVE Modified by kernel.org 8/28/2025 11:15:53 AM

New CVE Received from kernel.org 8/19/2025 1:15:32 PM

Quick Info