VYPR
Medium severity5.5NVD Advisory· Published Jun 18, 2025· Updated May 12, 2026

CVE-2025-38071

CVE-2025-38071

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Check return value from memblock_phys_alloc_range()

At least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblock_phys_alloc_range() returns 0 on failure, which leads memblock_phys_free() to throw the first 4 MiB of physical memory to the wolves.

At a minimum it should fail gracefully with a meaningful diagnostic, but in fact everything seems to work fine without the weird reserve allocation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <6.1.141
    • (no CPE)
    • (no CPE)range: 5.15

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.