CVE-2025-38689

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 04/09/2025
Last modified: 24/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Fix NULL dereference in avx512_status()

Problem
-------
With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status
causes a warning and a NULL pointer dereference.

This is because the AVX-512 timestamp code uses x86_task_fpu() but
doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function
for kernel threads (PF_KTHREAD specifically), making it return NULL.

The point of the warning was to ensure that kernel threads only access
task->fpu after going through kernel_fpu_begin()/_end(). Note: all
kernel tasks exposed in /proc have a valid task->fpu.

Solution
--------
One option is to silence the warning and check for NULL from
x86_task_fpu(). However, that warning is fairly fresh and seems like a
defense against misuse of the FPU state in kernel threads.

Instead, stop outputting AVX-512_elapsed_ms for kernel threads
altogether. The data was garbage anyway because avx512_timestamp is
only updated for user threads, not kernel threads.

If anyone ever wants to track kernel thread AVX-512 use, they can come
back later and do it properly, separate from this bug fix.

[ dhansen: mostly rewrite changelog ]

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.16 (including) 6.16.2 (excluding)
cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
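
A host check built from the two conditions this advisory gives (a release in the listed range, and a build with CONFIG_X86_DEBUG_FPU enabled), as an added example that is not part of the advisory or the kernel fix. The function names, the verdict strings and the /boot/config-<release> location are assumptions, and the listed range does not reflect distribution backports.

```sh
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2025-38689.
# The version range is taken from the CPE rows above.

# in_listed_range RELEASE: returns 0 if RELEASE (uname -r style) is 6.16 or
# 6.16.1 (below 6.16.2), or 6.17-rc1; returns 1 otherwise.
in_listed_range() {
    base=${1%%-*}                 # "6.16.1-arch1-1" -> "6.16.1"
    suffix=${1#"$base"}           # "-arch1-1", "-rc1", or empty
    IFS=. read -r major minor patch _rest <<EOF
$base
EOF
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    [ "$major" = 6 ] || return 1
    case "$minor.${patch:-0}$suffix" in
        17.0-rc1|17.0-rc1[!0-9]*) return 0 ;;   # 6.17-rc1 only, not rc10
        16.[01]-rc[0-9]*)         return 1 ;;   # 6.16 pre-releases are not listed
        16.[01]|16.[01][!0-9]*)   return 0 ;;   # 6.16, 6.16.1 (+ distro suffix)
    esac
    return 1
}

# debug_fpu_enabled CONFIG_FILE: returns 0 if the build sets CONFIG_X86_DEBUG_FPU=y.
debug_fpu_enabled() {
    [ -r "$1" ] && grep -q '^CONFIG_X86_DEBUG_FPU=y$' "$1"
}

# triage RELEASE CONFIG_FILE: prints one verdict string (names are hypothetical).
triage() {
    if ! in_listed_range "$1"; then echo "not-listed"
    elif [ ! -r "$2" ]; then echo "listed-config-unknown"
    elif debug_fpu_enabled "$2"; then echo "listed-debug-fpu-on"
    else echo "listed-debug-fpu-off"
    fi
}

# Assumption: the distro installs the build config as /boot/config-<release>.
triage "$(uname -r)" "/boot/config-$(uname -r)"
```

A `listed-debug-fpu-on` verdict means both conditions from the description hold on that host; `listed-config-unknown` means the config file has to be located another way before drawing a conclusion.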