CVE-2025-38195
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/07/2025
Last modified:
19/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()<br />
<br />
ERROR INFO:<br />
<br />
CPU 25 Unable to handle kernel paging request at virtual address 0x0<br />
...<br />
Call Trace:<br />
[] huge_pte_offset+0x3c/0x58<br />
[] hugetlb_follow_page_mask+0x74/0x438<br />
[] __get_user_pages+0xe0/0x4c8<br />
[] faultin_page_range+0x84/0x380<br />
[] madvise_vma_behavior+0x534/0xa48<br />
[] do_madvise+0x1bc/0x3e8<br />
[] sys_madvise+0x24/0x38<br />
[] do_syscall+0x78/0x98<br />
[] handle_syscall+0xb8/0x158<br />
<br />
In some cases, pmd may be NULL and rely on NULL as the return value for<br />
processing, so it is necessary to determine this situation here.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.136 (including) | 6.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.89 (including) | 6.6.95 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.26 (including) | 6.12.35 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14.5 (including) | 6.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.15.1 (including) | 6.15.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.15:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page