Bug 2383390 (CVE-2025-38364) - CVE-2025-38364 kernel: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
Summary: CVE-2025-38364 kernel: maple_tree: fix MA_STATE_PREALLOC flag in mas_prealloc...
Keywords:
Status: NEW
Alias: CVE-2025-38364
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-07-25 14:02 UTC by OSIDB Bzimport
Modified: 2025-07-26 18:33 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-07-25 14:02:00 UTC 
In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()

Temporarily clear the preallocation flag when explicitly requesting
allocations.  Pre-existing allocations are already counted against the
request through mas_node_count_gfp(), but the allocations will not happen
if the MA_STATE_PREALLOC flag is set.  This flag is meant to avoid
re-allocating in bulk allocation mode, and to detect issues with
preallocation calculations.

The MA_STATE_PREALLOC flag should also always be set on zero allocations
so that detection of underflow allocations will print a WARN_ON() during
consumption.

User visible effect of this flaw is a WARN_ON() followed by a null pointer
dereference when subsequent requests for larger number of nodes is
ignored, such as the vma merge retry in mmap_region() caused by drivers
altering the vma flags (which happens in v6.6, at least)
Comment 1 Jon Moroney 2025-07-25 19:37:58 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072558-CVE-2025-38364-74db@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.