CVE-2025-38364
📋 TL;DR
A Linux kernel vulnerability in the maple_tree subsystem causes improper handling of the MA_STATE_PREALLOC flag in mas_preallocate(). This can lead to a kernel warning followed by a null pointer dereference when drivers alter vma flags during memory mapping operations. Systems running affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service
Likely Case
Kernel warning followed by null pointer dereference causing system instability or crash
If Mitigated
No impact if patched or workarounds applied
🎯 Exploit Status
Requires local access and ability to trigger specific kernel operations with driver vma flag alterations
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in git commits: 9e32f4700867abbd5d19abfcf698dbd0d2ce36a4, cf95f8426f889949b738f51ffcd72884411f3a6a, d69cd64bd5af41c6fd409313504089970edaf02f, e63032e66bca1d06e600033f3369ba3db3af0870, fba46a5d83ca8decb338722fb4899026d8d9ead2
Vendor Advisory: https://git.kernel.org/stable/c/9e32f4700867abbd5d19abfcf698dbd0d2ce36a4
Restart Required: Yes
Instructions:
1. Apply relevant kernel patch from git.kernel.org
2. Recompile kernel
3. Reboot system
🔧 Temporary Workarounds
Kernel module restrictions
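Restrict loading of kernel modules that might trigger vma flag alterations
# Persist the setting, then apply it now (run as root).
# kernel.modules_disabled is one-way: once set to 1, no further modules can be loaded until reboot.
echo 'kernel.modules_disabled=1' >> /etc/sysctl.conf
sysctl -p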
🧯 If You Can't Patch
- Restrict user access to systems to reduce attack surface
- Monitor kernel logs for WARN_ON messages related to maple_tree
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with affected versions in git commits
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after patching and check for absence of maple_tree related warnings
📡 Detection & Monitoring
Log Indicators:
- Kernel WARN_ON messages related to maple_tree or mas_preallocate()
Network Indicators:
- None - local kernel vulnerability
SIEM Query:
source="kernel" AND ("maple_tree" OR "mas_preallocate" OR "MA_STATE_PREALLOC")
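The log indicators above can also be checked directly on a host. The following is an added example, not part of the advisory or the kernel project: it flags a maple_tree warning and reports whether a NULL pointer dereference follows it. The function names, the 200-line window and the sample log lines are assumptions made for illustration, and the patterns assume x86-style splat headers.

```shell
#!/bin/sh
# Added example (not from the advisory): classify kernel log text on stdin.
# Prints one of: clean | warn | warn+oops
# Optional first argument: how many lines after the warning to look for the oops.
scan_maple_tree() {
    awk -v window="${1:-200}" '
        # WARN/WARN_ON splat header that names the maple tree code
        /WARNING: CPU: [0-9]+ PID: [0-9]+ at / && /maple_tree|mas_preallocate/ {
            warn_line = NR; warns++; next
        }
        # NULL dereference reported within window lines of that warning
        /BUG: kernel NULL pointer dereference/ && warn_line && NR - warn_line <= window {
            oops++
        }
        END {
            if (oops) print "warn+oops"
            else if (warns) print "warn"
            else print "clean"
        }'
}

# Constructed sample input: line number and offsets are placeholders,
# not values taken from a real crash.
sample_log() {
    cat <<'EOF'
[  812.100001] WARNING: CPU: 2 PID: 4410 at lib/maple_tree.c:0 mas_preallocate+0x0/0x0
[  812.100050] Call Trace:
[  812.100410] BUG: kernel NULL pointer dereference, address: 0000000000000000
EOF
}

# Demo on the constructed sample; on a live host pipe the kernel log instead,
# for example: journalctl -k -b --no-pager | scan_maple_tree
sample_log | scan_maple_tree
```

A result of warn+oops matches the sequence described in the TL;DR; warn alone still warrants checking the running kernel against the fix commits.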
🔗 References
- https://git.kernel.org/stable/c/9e32f4700867abbd5d19abfcf698dbd0d2ce36a4
- https://git.kernel.org/stable/c/cf95f8426f889949b738f51ffcd72884411f3a6a
- https://git.kernel.org/stable/c/d69cd64bd5af41c6fd409313504089970edaf02f
- https://git.kernel.org/stable/c/e63032e66bca1d06e600033f3369ba3db3af0870
- https://git.kernel.org/stable/c/fba46a5d83ca8decb338722fb4899026d8d9ead2
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html