CVE-2025-38564

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> perf/core: Handle buffer mapping fail correctly in perf_mmap()<br /> <br /> After successful allocation of a buffer or a successful attachment to an<br /> existing buffer perf_mmap() tries to map the buffer read only into the page<br /> table. If that fails, the already set up page table entries are zapped, but<br /> the other perf specific side effects of that failure are not handled. The<br /> calling code just cleans up the VMA and does not invoke perf_mmap_close().<br /> <br /> This leaks reference counts, corrupts user-&gt;vm accounting and also results<br /> in an unbalanced invocation of event::event_mapped().<br /> <br /> Cure this by moving the event::event_mapped() invocation before the<br /> map_range() call so that on map_range() failure perf_mmap_close() can be<br /> invoked without causing an unbalanced event::event_unmapped() call.<br /> <br /> perf_mmap_close() undoes the reference counts and eventually frees buffers.