CVE-2025-38071

At least with CONFIGPHYSICALSTART=0x100000, if there is < 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange() returns 0 on failure, which leads memblockphys_free() to throw the first 4 MiB of physical memory to the wolves.

At a minimum it should fail gracefully with a meaningful diagnostic, but in fact everything seems to work fine without the weird reserve allocation.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38071.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a7259df7670240ee03b0cfce8a3e5d3773911e24

Fixed

8c18c904d301ffeb33b071eadc55cd6131e1e9be

Fixed

bffd5f2815c5234d609725cd0dc2f4bc5de2fc67

Fixed

c6f2694c580c27dca0cf7546ee9b4bfa6b940e38

Fixed

dde4800d2b0f68b945fd81d4fc2d4a10ae25f743

Fixed

631ca8909fd5c62b9fda9edda93924311a78a9c4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38071.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

6.1.141

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.93

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.31

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.14.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38071.json"