Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-22002

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
03/04/2025
Last modified:
10/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfs: Call `invalidate_cache` only if implemented<br /> <br /> Many filesystems such as NFS and Ceph do not implement the<br /> `invalidate_cache` method. On those filesystems, if writing to the<br /> cache (`NETFS_WRITE_TO_CACHE`) fails for some reason, the kernel<br /> crashes like this:<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> #PF: supervisor instruction fetch in kernel mode<br /> #PF: error_code(0x0010) - not-present page<br /> PGD 0 P4D 0<br /> Oops: Oops: 0010 [#1] SMP PTI<br /> CPU: 9 UID: 0 PID: 3380 Comm: kworker/u193:11 Not tainted 6.13.3-cm4all1-hp #437<br /> Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018<br /> Workqueue: events_unbound netfs_write_collection_worker<br /> RIP: 0010:0x0<br /> Code: Unable to access opcode bytes at 0xffffffffffffffd6.<br /> RSP: 0018:ffff9b86e2ca7dc0 EFLAGS: 00010202<br /> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 7fffffffffffffff<br /> RDX: 0000000000000001 RSI: ffff89259d576a18 RDI: ffff89259d576900<br /> RBP: ffff89259d5769b0 R08: ffff9b86e2ca7d28 R09: 0000000000000002<br /> R10: ffff89258ceaca80 R11: 0000000000000001 R12: 0000000000000020<br /> R13: ffff893d158b9338 R14: ffff89259d576900 R15: ffff89259d5769b0<br /> FS: 0000000000000000(0000) GS:ffff893c9fa40000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: ffffffffffffffd6 CR3: 000000054442e003 CR4: 00000000001706f0<br /> Call Trace:<br /> <br /> ? __die+0x1f/0x60<br /> ? page_fault_oops+0x15c/0x460<br /> ? try_to_wake_up+0x2d2/0x530<br /> ? exc_page_fault+0x5e/0x100<br /> ? asm_exc_page_fault+0x22/0x30<br /> netfs_write_collection_worker+0xe9f/0x12b0<br /> ? xs_poll_check_readable+0x3f/0x80<br /> ? xs_stream_data_receive_workfn+0x8d/0x110<br /> process_one_work+0x134/0x2d0<br /> worker_thread+0x299/0x3a0<br /> ? __pfx_worker_thread+0x10/0x10<br /> kthread+0xba/0xe0<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x30/0x50<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1a/0x30<br /> <br /> Modules linked in:<br /> CR2: 0000000000000000<br /> <br /> This patch adds the missing `NULL` check.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8 (including) 6.12.21 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.13.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools