CVE-2025-38563 – A Linux kernel vulnerability in the perf subsys... (How to Fix)

Q: What is the severity of CVE-2025-38563?

CVE-2025-38563 has a CVSS score of 7.8 (HIGH). A Linux kernel vulnerability in the perf subsystem allows reference count leaks when VMA (Virtual Memory Area) splits occur on perf ringbuffer mappings. This affects systems using perf events with ringbuffer or auxiliary buffer mappings, potentially leading to memory exhaustion or system instability. All Linux systems using perf events are affected.

📋 TL;DR

A Linux kernel vulnerability in the perf subsystem allows reference count leaks when VMA (Virtual Memory Area) splits occur on perf ringbuffer mappings. This affects systems using perf events with ringbuffer or auxiliary buffer mappings, potentially leading to memory exhaustion or system instability. All Linux systems using perf events are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not specified in CVE, but patches exist in stable kernel trees.

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires perf events with ringbuffer or auxiliary buffer mappings to be exploitable.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory exhaustion leading to system crash or denial of service, potentially enabling privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Memory leaks causing gradual performance degradation and eventual system instability or crashes.

🟢

If Mitigated

Minimal impact if perf events are not used or systems are patched.

🌐 Internet-Facing: LOW - Requires local access and perf event usage.

🏢 Internal Only: MEDIUM - Local users or processes with perf event permissions could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to use perf events. Exploitation involves triggering VMA splits via mmap/munmap/mremap operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits: 3bd518cc7ea61076bcd725e36ff0e690754977c0, 65311aad4c808bedad0c05d9bb8b06c47dae73eb, 6757a31a8e295ae4f01717a954afda173f25a121, 7b84cb58d1f0aa07656802eae24689566e5f5b1b, b024d7b56c77191cde544f838debb7f8451cd0d6

Vendor Advisory: https://git.kernel.org/stable/c/3bd518cc7ea61076bcd725e36ff0e690754977c0

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Restrict perf event usage

linux

Limit access to perf events to prevent exploitation

echo 1 > /proc/sys/kernel/perf_event_paranoid
chmod 600 /dev/perf_event*

Disable perf events

linux

Completely disable perf subsystem if not needed

echo 0 > /proc/sys/kernel/perf_event_max_sample_rate
echo 0 > /proc/sys/kernel/perf_event_mlock_kb

🧯 If You Can't Patch

Implement strict access controls on perf events
Monitor system memory usage for abnormal patterns

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions. Use 'uname -r' and verify against distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Check with 'cat /proc/version' or distribution package manager.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
Memory allocation failures in kernel logs
Perf subsystem errors

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for kernel panic logs, memory allocation failures, or perf-related errors in system logs.

📊 Metadata

CVE ID: CVE-2025-38563

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score: 0.02% exploit probability (3th percentile)

Published: August 19, 2025

Last Updated: January 8, 2026

🔗 References

https://git.kernel.org/stable/c/3bd518cc7ea61076bcd725e36ff0e690754977c0 Patch
https://git.kernel.org/stable/c/65311aad4c808bedad0c05d9bb8b06c47dae73eb Patch
https://git.kernel.org/stable/c/6757a31a8e295ae4f01717a954afda173f25a121 Patch
https://git.kernel.org/stable/c/7b84cb58d1f0aa07656802eae24689566e5f5b1b Patch
https://git.kernel.org/stable/c/b024d7b56c77191cde544f838debb7f8451cd0d6 Patch
https://git.kernel.org/stable/c/d52451a9210f2e5a079ba052918c93563518a9ff Patch
https://git.kernel.org/stable/c/e4346ffec2c44d6b0be834d59b20632b5bb5729e Patch
https://git.kernel.org/stable/c/e529888b7e8092912dd8789bdfc76685ccd2ff5f Patch
https://git.kernel.org/stable/c/ff668930871e0198c7f4e325058b8b7c286787bd Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-873/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON