{"uuid": "fe6dcd4b-7384-40d9-a48c-4497a394c49c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-38085", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19806", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-38085\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process.  While I don't see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.\n\ud83d\udccf Published: 2025-06-28T07:44:26.178Z\n\ud83d\udccf Modified: 2025-06-28T07:44:26.178Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/952596b08c74e8fe9e2883d1dc8a8f54a37384ec\n2. https://git.kernel.org/stable/c/a3d864c901a300c295692d129159fc3001a56185\n3. https://git.kernel.org/stable/c/b7754d3aa7bf9f62218d096c0c8f6c13698fac8b\n4. https://git.kernel.org/stable/c/fe684290418ef9ef76630072086ee530b92f02b8\n5. https://git.kernel.org/stable/c/034a52b5ef57c9c8225d94e9067f3390bb33922f\n6. https://git.kernel.org/stable/c/a6bfeb97941a9187833b526bc6cc4ff5706d0ce9\n7. https://git.kernel.org/stable/c/1013af4f585fccc4d3e5c5824d174de2257f7d6d", "creation_timestamp": "2025-06-28T07:51:36.000000Z"}