CVE-2025-38364

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
25/07/2025
Last modified:
16/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()

Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations.

The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption.

The user-visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when a subsequent request for a larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least).
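The following is an added, constructed C model of the failure mode the commit message describes; it is not the kernel's maple_tree code, and every name in it (toy_state, TOY_PREALLOC, toy_pop, toy_retry_scenario, the static node pool) is invented for illustration. It shows why a preallocation flag left set from an earlier call makes a later, larger request allocate nothing, so that node consumption runs dry and hands back NULL, and how clearing the flag only for the duration of the explicit request avoids that while still flagging underflow during consumption.

```c
/* Constructed model of the preallocation-flag bug described above. It is
 * not the kernel's maple_tree code; toy_* names, the TOY_PREALLOC bit and
 * the static node pool are all invented for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <stdbool.h>

#define TOY_PREALLOC 0x1u          /* stands in for MA_STATE_PREALLOC */

struct toy_state {
    unsigned flags;
    size_t   nodes;                 /* nodes already held by this state */
};

static char toy_pool[16];           /* dummy node storage, never dereferenced */

/* How many more nodes are needed for `request`, given what is already held
 * (the role the description assigns to mas_node_count_gfp()). */
static size_t toy_nodes_needed(const struct toy_state *s, size_t request)
{
    return request > s->nodes ? request - s->nodes : 0;
}

/* Bulk allocation path: does nothing while TOY_PREALLOC is set, which is
 * the behaviour that makes a repeated, larger request get ignored. */
static void toy_alloc_nodes(struct toy_state *s, size_t request)
{
    if (s->flags & TOY_PREALLOC)
        return;
    s->nodes += toy_nodes_needed(s, request);
}

/* Before the fix: the flag left over from the first preallocation is still
 * set when the caller retries with a larger request, so nothing is allocated. */
static void toy_preallocate_buggy(struct toy_state *s, size_t request)
{
    toy_alloc_nodes(s, request);
    s->flags |= TOY_PREALLOC;       /* also set on zero-size requests */
}

/* After the fix: clear the flag for the duration of the explicit request,
 * then set it again so later consumption underflows are still detected. */
static void toy_preallocate_fixed(struct toy_state *s, size_t request)
{
    s->flags &= ~TOY_PREALLOC;
    toy_alloc_nodes(s, request);
    s->flags |= TOY_PREALLOC;
}

/* Consume one preallocated node. Returning NULL here models the point where
 * the real code warns and the caller then dereferences a null pointer. */
static void *toy_pop(struct toy_state *s)
{
    if (s->nodes == 0) {
        if (s->flags & TOY_PREALLOC)
            fprintf(stderr, "WARN: node underflow during consumption\n");
        return NULL;
    }
    s->nodes--;
    return &toy_pool[s->nodes];
}

/* Model of the mmap_region() retry: preallocate for a small operation, then
 * retry needing `retry` nodes. Returns how many of the `retry` pops succeeded
 * (must be <= 16 for the dummy pool). */
static size_t toy_retry_scenario(bool fixed, size_t first, size_t retry)
{
    struct toy_state s = { 0, 0 };
    size_t got = 0;

    if (fixed)
        toy_preallocate_fixed(&s, first);
    else
        toy_preallocate_buggy(&s, first);

    if (fixed)
        toy_preallocate_fixed(&s, retry);
    else
        toy_preallocate_buggy(&s, retry);

    for (size_t i = 0; i < retry; i++)
        if (toy_pop(&s) != NULL)
            got++;
    return got;
}

int main(void)
{
    printf("buggy: %zu of 3 nodes available\n", toy_retry_scenario(false, 1, 3));
    printf("fixed: %zu of 3 nodes available\n", toy_retry_scenario(true, 1, 3));
    return 0;
}
```

With the buggy path, the first preallocation of one node sets the flag, the retry asking for three nodes is silently ignored, and only one of the three pops succeeds; the other two return NULL after the warning. With the fixed path all three succeed. The flag is still set after each explicit request, including a zero-size one, which is what lets the underflow check in the consumer fire instead of handing out a NULL without notice.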

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1 (including) 6.1.146 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.99 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.36 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.15.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*