CVE-2025-38510 – Linux Kernel KASAN Deadlock Vulnerability

The following table lists the changes that have been made to the
CVE-2025-38510 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 16, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    kasan: remove kasan_find_vm_area() to prevent possible deadlock

    find_vm_area() couldn’t be called in atomic_context. If find_vm_area() is
    called to report vm area information, kasan can trigger a deadlock like:

    CPU0                                CPU1
    vmalloc();
     alloc_vmap_area();
      spin_lock(&vn->busy.lock)
                                        spin_lock_bh(&some_lock);
      spin_lock(&some_lock);
                                        kasan_report();
                                         print_report();
                                          print_address_description();
                                           kasan_find_vm_area();
                                            find_vm_area();
                                             spin_lock(&vn->busy.lock) // deadlock!

    To prevent possible deadlock while kasan reports, remove kasan_find_vm_area().

    Added Reference https://git.kernel.org/stable/c/0c3566d831def922cd56322c772a7b20d8b0e0c0
    Added Reference https://git.kernel.org/stable/c/2d89dab1ea6086e6cbe6fe92531b496fb6808cb9
    Added Reference https://git.kernel.org/stable/c/595f78d99b9051600233c0a5c4c47e1097e6ed01
    Added Reference https://git.kernel.org/stable/c/6ee9b3d84775944fb8c8a447961cd01274ac671c
    Added Reference https://git.kernel.org/stable/c/8377d7744bdce5c4b3f1b58924eebd3fdc078dfc