CVE-2025-38565

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this case, which causes another reference count leak. Return early on failure to prevent that.

CVSS

No CVSS.

References

Link	Resource
https://git.kernel.org/stable/c/07091aade394f690e7b655578140ef84d0e8d7b0
https://git.kernel.org/stable/c/163b0d1a209fe0df5476c1df2330ca12b55abf92
https://git.kernel.org/stable/c/27d44145bd576bbef9bf6165bcd78128ec3e6cbd
https://git.kernel.org/stable/c/7ff8521f30c4c2fcd4e88bd7640486602bf8a650
https://git.kernel.org/stable/c/92043120a2e992800580855498ab8507e1b22db9
https://git.kernel.org/stable/c/f41e9eba77bf97626e04296dc5677d02816d2432

Configurations

No configuration.

History

20 Aug 2025, 14:40

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/core: Salida anticipada en caso de fallo de perf_mmap(). Cuando perf_mmap() no asigna un búfer, sigue invocando la devolución de llamada event_mapped() del evento relacionado. En X86, esto podría aumentar el contador de referencias perf_rdpmc_allowed. Sin embargo, esto no se puede revertir, ya que perf_mmap_close() nunca se llama en este caso, lo que provoca otra fuga del recuento de referencias. Para evitarlo, se debe regresar anticipadamente en caso de fallo.

19 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 17:15

Updated : 2025-08-20 14:40

NVD link : CVE-2025-38565

Mitre link : CVE-2025-38565

CVE.ORG link : CVE-2025-38565

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-38565

Attach tags to `CVE-2025-38565`