CVE-2025-38256

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rsrc: fix folio unpinning

syzbot complains about an unmapping failure:

[ 108.070381][ T14] kernel BUG at mm/gup.c:71!
[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025
[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work
[ 108.174205][ T14] Call trace:
[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)
[ 108.178138][ T14] unpin_user_page+0x80/0x10c
[ 108.180189][ T14] io_release_ubuf+0x84/0xf8
[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c
[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298
[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0
[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480
[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8
[ 108.193207][ T14] process_one_work+0x7e8/0x155c
[ 108.195431][ T14] worker_thread+0x958/0xed8
[ 108.197561][ T14] kthread+0x5fc/0x75c
[ 108.199362][ T14] ret_from_fork+0x10/0x20

We can pin a tail page of a folio, but then io_uring will try to unpin the head page of the folio. While it should be fine in terms of keeping the page actually alive, mm folks say it's wrong and triggers a debug warning. Use unpin_user_folio() instead of unpin_user_page*.

[axboe: adapt to current tree, massage commit message]

Risk Information

Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.013

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234