CVE-2025-38565 – A Linux kernel vulnerability in the perf subsys... (How to Fix)

Q: What is the severity of CVE-2025-38565?

CVE-2025-38565 has a CVSS score of 7.8 (HIGH). A Linux kernel vulnerability in the perf subsystem causes a reference count leak when memory allocation fails during perf_mmap(). This can lead to resource exhaustion and potential denial of service. Systems running affected Linux kernel versions with perf events enabled are vulnerable.

📋 TL;DR

A Linux kernel vulnerability in the perf subsystem causes a reference count leak when memory allocation fails during perf_mmap(). This can lead to resource exhaustion and potential denial of service. Systems running affected Linux kernel versions with perf events enabled are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not specified in CVE, but patches exist in stable kernel trees

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires perf subsystem to be enabled and accessible. Most distributions enable perf by default for privileged users.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could exhaust kernel resources, causing system instability, crashes, or denial of service affecting all processes.

🟠

Likely Case

Local attackers could trigger repeated failures to gradually degrade system performance or cause targeted service disruptions.

🟢

If Mitigated

With proper access controls limiting perf event usage, impact is minimal as only privileged users can trigger the vulnerability.

🌐 Internet-Facing: LOW - Requires local access to exploit

🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger perf_mmap() failures. Exploitation would need to repeatedly trigger the condition to cause noticeable impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions via the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/07091aade394f690e7b655578140ef84d0e8d7b0

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor. 2. Reboot the system to load the new kernel. 3. Verify the fix is applied by checking kernel version.

🔧 Temporary Workarounds

Restrict perf event access

linux

Limit perf event usage to trusted users only by adjusting kernel.perf_event_paranoid sysctl

sysctl -w kernel.perf_event_paranoid=3

Disable perf events

linux

Prevent perf subsystem usage by setting kernel.perf_event_paranoid to maximum

sysctl -w kernel.perf_event_paranoid=4

🧯 If You Can't Patch

Implement strict access controls to limit perf event usage to essential privileged users only
Monitor system resource usage and perf event activity for abnormal patterns

🔍 How to Verify

Check if Vulnerable:

Check kernel version against your distribution's security advisories. Vulnerable if running unpatched kernel with perf enabled.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the referenced git commits or check with your distribution's security update verification tools.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages related to perf or memory allocation failures
System logs showing abnormal perf event activity

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for kernel logs containing 'perf_mmap' failures or 'perf_rdpmc_allowed' reference count warnings

📊 Metadata

CVE ID: CVE-2025-38565

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score: 0.01% exploit probability (2.4th percentile)

Published: August 19, 2025

Last Updated: January 8, 2026

🔗 References

https://git.kernel.org/stable/c/07091aade394f690e7b655578140ef84d0e8d7b0 Patch
https://git.kernel.org/stable/c/163b0d1a209fe0df5476c1df2330ca12b55abf92 Patch
https://git.kernel.org/stable/c/27d44145bd576bbef9bf6165bcd78128ec3e6cbd Patch
https://git.kernel.org/stable/c/5ffda7f3ed76ec8defc19d985e33b3b82ba07839 Patch
https://git.kernel.org/stable/c/7ff8521f30c4c2fcd4e88bd7640486602bf8a650 Patch
https://git.kernel.org/stable/c/92043120a2e992800580855498ab8507e1b22db9 Patch
https://git.kernel.org/stable/c/9b90a48c7de828a15c7a4fc565d46999c6e22d6b Patch
https://git.kernel.org/stable/c/de85e72598d89880a02170a1cbc27b35a7d978a9 Patch
https://git.kernel.org/stable/c/f41e9eba77bf97626e04296dc5677d02816d2432 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON