CVE-2025-38564: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38564 is a vulnerability discovered in the Linux kernel's perf subsystem, specifically in the perf_mmap() function. The vulnerability was disclosed on August 19, 2025, and affects the buffer mapping functionality in the performance monitoring subsystem (NVD).

The vulnerability occurs in the perf/core component when handling buffer mapping failures in perfmmap(). After successful buffer allocation or attachment to an existing buffer, perfmmap() attempts to map the buffer as read-only into the page table. If this mapping fails, while the page table entries are properly cleared, other perf-specific side effects of the failure are not handled correctly. This results in reference count leaks, user->vm accounting corruption, and unbalanced event::event_mapped() invocations (Debian Security).

The vulnerability leads to memory management issues including reference count leaks and corruption of user->vm accounting. This can potentially affect system stability and resource management in the Linux kernel's performance monitoring subsystem (NVD).

The issue has been resolved by moving the event::eventmapped() invocation before the maprange() call, ensuring that perfmmapclose() can be properly invoked without causing unbalanced event::eventunmapped() calls when maprange() fails. The fix has been implemented in various Linux distributions, with Ubuntu providing fixes in version 6.8.0-40.40 for noble release and Debian implementing fixes in multiple versions including 5.10.237-1 for bullseye and 6.1.147-1 for bookworm (Debian Security).