CVE-2025-38681
📋 TL;DR
A race condition in the Linux kernel's page table dump functionality could allow concurrent memory hot removal operations to cause the kernel to access freed memory. This affects systems where kernel page table debugging is enabled via /sys/kernel/debug/kernel_page_tables. The vulnerability requires local access to the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel crash or memory corruption leading to system instability, denial of service, or potential privilege escalation if freed memory is reallocated for malicious purposes.
Likely Case
System crash or kernel panic when memory hot removal occurs concurrently with page table dumping operations.
If Mitigated
No impact if kernel page table debugging is disabled or memory hotplug is not used.
🎯 Exploit Status
Exploitation requires local access, specific debugging features enabled, and timing memory hot removal operations with page table dumping.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 1636b5e9c3543b87d673e32a47e7c18698882425 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/1636b5e9c3543b87d673e32a47e7c18698882425
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable kernel page table debugging
all: Remove access to vulnerable debugging interfaces
# kernel_page_tables is a single debugfs file with no enable switch under it, so access is removed by mode
chmod 000 /sys/kernel/debug/kernel_page_tables
Disable memory hotplug
all: Prevent concurrent memory removal operations
echo offline > /sys/devices/system/memory/memoryX/state  # for specific memory blocks
Set kernel parameter memhp_default_state=offline at boot
🧯 If You Can't Patch
- Restrict access to /sys/kernel/debug/kernel_page_tables to root only
- Disable CONFIG_PTDUMP_DEBUGFS in kernel configuration and rebuild
🔍 How to Verify
Check if Vulnerable:
Check if /sys/kernel/debug/kernel_page_tables exists and is accessible, and verify kernel version against patched releases from your distribution.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version contains the fix commits or is newer than the patched release from your vendor.
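The checks above as a script, covering both preconditions this page names (the debugfs dump file and memory hotplug) plus the release comparison. This is an added example, not part of the advisory; `SYSROOT`, `FIXED_RELEASE` and the function names are assumptions, and the fixed release must come from your vendor's advisory.

```shell
#!/bin/sh
# Added example, not from the advisory. Run as root: debugfs is normally
# unreadable to other users, which would hide the dump file from this check.
# SYSROOT (hypothetical) points the check at a copied tree; empty = live system.

# Print the page-table dump file if it exists under ROOT.
ptdump_file() {
    f="${1:-}/sys/kernel/debug/kernel_page_tables"
    if [ -e "$f" ]; then printf '%s\n' "$f"; fi
}

# Count memory blocks exposing a state file (the hotplug interface named above).
hotplug_blocks() {
    n=0
    for s in "${1:-}"/sys/devices/system/memory/memory*/state; do
        if [ -f "$s" ]; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# Classify exposure: no-ptdump, ptdump-only, or ptdump+hotplug (both preconditions).
exposure() {
    if [ -z "$(ptdump_file "${1:-}")" ]; then
        echo "no-ptdump"
    elif [ "$(hotplug_blocks "${1:-}")" -eq 0 ]; then
        echo "ptdump-only"
    else
        echo "ptdump+hotplug"
    fi
}

# True when release $1 sorts at or after release $2 (version sort).
release_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

echo "exposure: $(exposure "${SYSROOT:-}")"
# FIXED_RELEASE is a placeholder: take it from your distribution's advisory.
if [ -n "${FIXED_RELEASE:-}" ]; then
    if release_at_least "$(uname -r)" "$FIXED_RELEASE"; then
        echo "running kernel is at or past $FIXED_RELEASE"
    else
        echo "running kernel predates $FIXED_RELEASE"
    fi
fi
```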
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Oops messages related to page table walking
- Memory corruption warnings in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic events or memory access violations in system logs
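One way to narrow the log indicators above to this issue: report only kernel faults whose trace passes through the page table dump code. This is an added example, not part of the advisory; the log lines are constructed, and matching on the `ptdump_` symbol prefix is an assumption about how the dump path appears in traces.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads kernel log text on stdin and
# prints the headline of every fault report whose trace passes through ptdump.
ptdump_fault_reports() {
    awk '
        # A new fault report starts here; remember its first line.
        /BUG: |Unable to handle kernel|general protection fault/ {
            head = $0; start = NR; reported = 0
        }
        # A ptdump frame shortly after a headline ties the fault to the dump path.
        /ptdump_/ && head != "" && !reported && NR - start <= 60 {
            print head; reported = 1
        }
    '
}

# Constructed sample: one fault inside the dump walk, one unrelated fault.
sample_log() {
    cat <<'EOF'
[ 1042.118301] Unable to handle kernel paging request at virtual address ffff0000c1a3e000
[ 1042.118340] Internal error: Oops: 0000000096000007 [#1] SMP
[ 1042.118402] CPU: 3 PID: 2211 Comm: cat Not tainted
[ 1042.118455] Call trace:
[ 1042.118470]  ptdump_pte_entry+0x2c/0x90
[ 1042.118491]  walk_pgd_range+0x3f4/0x7a0
[ 1042.118512]  ptdump_walk_pgd+0x68/0xc0
[ 1042.118533]  ptdump_show+0x50/0x80
[ 1042.118554]  seq_read_iter+0xe0/0x460
[ 2100.000010] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 2100.000050] Call trace:
[ 2100.000070]  ext4_readdir+0x1c/0x200
EOF
}

sample_log | ptdump_fault_reports
```

On a live host, pipe `dmesg` or `journalctl -k` output into `ptdump_fault_reports` instead of the sample.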
🔗 References
- https://git.kernel.org/stable/c/1636b5e9c3543b87d673e32a47e7c18698882425
- https://git.kernel.org/stable/c/3ee9a8c27bfd72c3f465004fa8455785d61be5e8
- https://git.kernel.org/stable/c/59305202c67fea50378dcad0cc199dbc13a0e99a
- https://git.kernel.org/stable/c/67995d4244694928ce701928e530b5b4adeb17b4
- https://git.kernel.org/stable/c/69bea84b06b5e779627e7afdbf4b60a7d231c76f
- https://git.kernel.org/stable/c/ac25ec5fa2bf6e606dc7954488e4dded272fa9cd
- https://git.kernel.org/stable/c/ca8c414499f2e5337a95a76be0d21b728ee31c6b
- https://git.kernel.org/stable/c/ff40839e018b82c4d756d035f34a63aa2d93be83
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html