CVE-2025-38504 — Vulnetix

CVE-2025-38504 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix pp destruction warnings With multiple page pools and in some other cases we can have allocated niovs on page pool destruction. Remove a misplaced warning checking that all niovs are returned to zcrx on io_pp_zc_destroy(). It was reported before but apparently got lost.

EPSS 0.03% · 8.3th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.03%

8.3th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.15, 6.15, 6.16
Linux	Linux	34a3e60821ab9f335a58d43a88cccdbefdebdec3, 6.15, 0

Timeline

Aug 16, 2025 EPSS Score
Aug 16, 2025 CVE Published
Aug 16, 2025 PoC Published
Aug 24, 2025 EPSS Score
Sep 1, 2025 EPSS Score
Sep 9, 2025 EPSS Score
Sep 18, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 4, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 12, 2025 PoC Published
Oct 20, 2025 EPSS Score

References

https://git.kernel.org/stable/c/ad9f1b5bed082b9c910e2a24bae0286a70846909 url
https://git.kernel.org/stable/c/203817de269539c062724d97dfa5af3cdf77a3ec url
https://nvd.nist.gov/vuln/detail/CVE-2025-38504 advisory

Open in Interactive Console →