CVE-2025-38085

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race<br /> <br /> huge_pmd_unshare() drops a reference on a page table that may have<br /> previously been shared across processes, potentially turning it into a<br /> normal page table used in another process in which unrelated VMAs can<br /> afterwards be installed.<br /> <br /> If this happens in the middle of a concurrent gup_fast(), gup_fast() could<br /> end up walking the page tables of another process. While I don&amp;#39;t see any<br /> way in which that immediately leads to kernel memory corruption, it is<br /> really weird and unexpected.<br /> <br /> Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),<br /> just like we do in khugepaged when removing page tables for a THP<br /> collapse.