Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38424

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix sample vs do_exit()

Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways.

The crash further shows perf trying to do a user stack sample while in exit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address space it is trying to access.

It turns out that we stop perf after we tear down the userspace mm; a receipie for disaster, since perf likes to access userspace for various reasons.

Flip this order by moving up where we stop perf in do_exit().

Additionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER to abort when the current task does not have an mm (exit_mm() makes sure to set current->mm = NULL; before commencing with the actual teardown). Such that CPU wide events don't trip on this same problem.

  • Published: Jul 25, 2025
  • Updated: Dec 24, 2025
  • CVE: CVE-2025-38424
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Software From Fixed in
linux / linux_kernel 3.7 5.4.295
linux / linux_kernel 5.5 5.10.239
linux / linux_kernel 5.11 5.15.186
linux / linux_kernel 5.16 6.1.142
linux / linux_kernel 6.2 6.6.95
linux / linux_kernel 6.7 6.12.35
linux / linux_kernel 6.13 6.15.4
linux / linux_kernel 6.16-rc1 6.16-rc1.x
linux / linux_kernel 6.16-rc2 6.16-rc2.x
debian / debian_linux 11.0 11.0.x