CVE-2025-38696
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
04/09/2025
Last modified:
09/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
MIPS: Don&#39;t crash in stack_top() for tasks without ABI or vDSO<br />
<br />
Not all tasks have an ABI associated or vDSO mapped,<br />
for example kthreads never do.<br />
If such a task ever ends up calling stack_top(), it will derefence the<br />
NULL ABI pointer and crash.<br />
<br />
This can for example happen when using kunit:<br />
<br />
mips_stack_top+0x28/0xc0<br />
arch_pick_mmap_layout+0x190/0x220<br />
kunit_vm_mmap_init+0xf8/0x138<br />
__kunit_add_resource+0x40/0xa8<br />
kunit_vm_mmap+0x88/0xd8<br />
usercopy_test_init+0xb8/0x240<br />
kunit_try_run_case+0x5c/0x1a8<br />
kunit_generic_run_threadfn_adapter+0x28/0x50<br />
kthread+0x118/0x240<br />
ret_from_kernel_thread+0x14/0x1c<br />
<br />
Only dereference the ABI point if it is set.<br />
<br />
The GIC page is also included as it is specific to the vDSO.<br />
Also move the randomization adjustment into the same conditional.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.77 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.18.15 (including) | 4.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.1 (including) | 5.4.297 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.241 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.190 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.149 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.103 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.43 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.16 (including) | 6.16.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.19:rc8:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/24d098b6f69b0aa806ffcb3e18259bee31650b28
- https://git.kernel.org/stable/c/5b6839b572b503609b9b58bc6c04a816eefa0794
- https://git.kernel.org/stable/c/82d140f6aab5e89a9d3972697a0dbe1498752d9b
- https://git.kernel.org/stable/c/ab18e48a503230d675e824a0d68a108bdff42503
- https://git.kernel.org/stable/c/bd90dbd196831f5c2620736dc221db2634cf1e8e
- https://git.kernel.org/stable/c/cddf47d20b0325dc8a4e57b833fe96e8f36c42a4
- https://git.kernel.org/stable/c/e78033e59444d257d095b73ce5d20625294f6ec2
- https://git.kernel.org/stable/c/e9f4a6b3421e936c3ee9d74710243897d74dbaa2
- https://git.kernel.org/stable/c/f22de2027b206ddfb8a075800bb5d0dacf2da4b8
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html