Bug 2375528 (CVE-2025-38088)

Summary: CVE-2025-38088 kernel: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
Product: [Other] Security Response
Component: vulnerability
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Reporter: OSIDB Bzimport <bzimport>
Assignee: Product Security DevOps Team <prodsec-dev>
Doc Text:
A denial-of-service vulnerability has been identified in the Linux kernel, stemming from an out-of-bounds overflow. This flaw occurs when the requested memory mapping region size exceeds the allocated region size. An attacker can exploit this by crafting a specially designed file, which, when processed by the kernel, could trigger an overflow. This leads to a system crash, impacting the availability of the affected system.

Description OSIDB Bzimport 2025-06-30 08:01:07 UTC
In the Linux kernel, the following vulnerability has been resolved:

powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap

memtrace mmap issue has an out of bounds issue. This patch fixes this by
checking that the requested mapping region size should stay within the
allocated region size.
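
The kind of bounds check the description refers to, as an added user-space model (not the upstream kernel patch and not part of this bug report). The function names, the `MODEL_PAGE_SHIFT` value and the sample sizes are assumptions chosen for illustration; the naive variant is included to show how byte arithmetic can wrap and accept an out-of-range offset.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for this model only: 64 KiB pages. */
#define MODEL_PAGE_SHIFT 16

/*
 * Hypothetical model of validating an mmap request against a fixed-size
 * allocated region. region_bytes and map_bytes are assumed to be multiples
 * of the page size; pgoff is the starting page offset into the region.
 * Returns 0 if [pgoff, pgoff + pages) lies inside the region, else -1.
 */
int mapping_within_region(uint64_t region_bytes, uint64_t pgoff,
                          uint64_t map_bytes)
{
    uint64_t region_pages = region_bytes >> MODEL_PAGE_SHIFT;
    uint64_t map_pages = map_bytes >> MODEL_PAGE_SHIFT;

    /* The starting page must exist inside the region. */
    if (pgoff >= region_pages)
        return -1;
    /* Subtract on the right-hand side so pgoff + map_pages cannot wrap. */
    if (map_pages > region_pages - pgoff)
        return -1;
    return 0;
}

/* Contrast: byte arithmetic whose shift and addition can wrap to a small value. */
int naive_check(uint64_t region_bytes, uint64_t pgoff, uint64_t map_bytes)
{
    return ((pgoff << MODEL_PAGE_SHIFT) + map_bytes <= region_bytes) ? 0 : -1;
}

int main(void)
{
    uint64_t page = 1ULL << MODEL_PAGE_SHIFT;
    uint64_t region = 4 * page;          /* constructed: 4-page region */
    uint64_t wrap_pgoff = 1ULL << 48;    /* constructed: shifts to 0 */

    printf("exact fit:         %d\n", mapping_within_region(region, 0, region));
    printf("one page too long: %d\n", mapping_within_region(region, 3, 2 * page));
    printf("wrapping, safe:    %d\n", mapping_within_region(region, wrap_pgoff, page));
    printf("wrapping, naive:   %d\n", naive_check(region, wrap_pgoff, page));
    return 0;
}
```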

Comment 1 Avinash Hanwate 2025-06-30 15:18:00 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025063054-CVE-2025-38088-4f48@gregkh/T

Comment 5 errata-xmlrpc 2025-07-28 08:23:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:11855 https://access.redhat.com/errata/RHSA-2025:11855