CVE-2025-39887

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing/osnoise: Fix null-ptr-deref in bitmap_parselist()<br /> <br /> A crash was observed with the following output:<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000010<br /> Oops: Oops: 0000 [#1] SMP NOPTI<br /> CPU: 2 UID: 0 PID: 92 Comm: osnoise_cpus Not tainted 6.17.0-rc4-00201-gd69eb204c255 #138 PREEMPT(voluntary)<br /> RIP: 0010:bitmap_parselist+0x53/0x3e0<br /> Call Trace:<br /> <br /> osnoise_cpus_write+0x7a/0x190<br /> vfs_write+0xf8/0x410<br /> ? do_sys_openat2+0x88/0xd0<br /> ksys_write+0x60/0xd0<br /> do_syscall_64+0xa4/0x260<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> <br /> <br /> This issue can be reproduced by below code:<br /> <br /> fd=open("/sys/kernel/debug/tracing/osnoise/cpus", O_WRONLY);<br /> write(fd, "0-2", 0);<br /> <br /> When user pass &amp;#39;count=0&amp;#39; to osnoise_cpus_write(), kmalloc() will return<br /> ZERO_SIZE_PTR (16) and cpulist_parse() treat it as a normal value, which<br /> trigger the null pointer dereference. Add check for the parameter &amp;#39;count&amp;#39;.