{"id":"CVE-2025-38256","summary":"io_uring/rsrc: fix folio unpinning","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[  108.070381][   T14] kernel BUG at mm/gup.c:71!\n[  108.070502][   T14] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n[  108.123672][   T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[  108.127458][   T14] Workqueue: iou_exit io_ring_exit_work\n[  108.174205][   T14] Call trace:\n[  108.175649][   T14]  sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[  108.178138][   T14]  unpin_user_page+0x80/0x10c\n[  108.180189][   T14]  io_release_ubuf+0x84/0xf8\n[  108.182196][   T14]  io_free_rsrc_node+0x250/0x57c\n[  108.184345][   T14]  io_rsrc_data_free+0x148/0x298\n[  108.186493][   T14]  io_sqe_buffers_unregister+0x84/0xa0\n[  108.188991][   T14]  io_ring_ctx_free+0x48/0x480\n[  108.191057][   T14]  io_ring_exit_work+0x764/0x7d8\n[  108.193207][   T14]  process_one_work+0x7e8/0x155c\n[  108.195431][   T14]  worker_thread+0x958/0xed8\n[  108.197561][   T14]  kthread+0x5fc/0x75c\n[  108.199362][   T14]  ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it's wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]","modified":"2026-04-02T12:47:53.103594Z","published":"2025-07-09T10:42:33.819Z","related":["SUSE-SU-2025:02853-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38256.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/11e7b7369e655e6131387b174218d7fa9557b3da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53fd75f25b223878b5fff14932e3a22f42b54f77"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5afb4bf9fc62d828647647ec31745083637132e4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38256.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38256"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a8edbb424b1391b077407c75d8f5d2ede77aa70d"},{"fixed":"53fd75f25b223878b5fff14932e3a22f42b54f77"},{"fixed":"11e7b7369e655e6131387b174218d7fa9557b3da"},{"fixed":"5afb4bf9fc62d828647647ec31745083637132e4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38256.json"}}],"schema_version":"1.7.5"}