CVE-2025-37876 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 84.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 9
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
When testing a special config:
CONFIG_NETFS_SUPPORTS=y
CONFIG_PROC_FS=n
The system crashes with something like:
[ 3.766197] ------------[ cut here ]------------
[ 3.766484] kernel BUG at mm/mempool.c:560!
[ 3.766789] Oops: invalid opcode: 0000 [#1] SMP NOPTI
[ 3.767123] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W
[ 3.767777] Tainted: [W]=WARN
[ 3.767968] Hardware n…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux7eb5b3e3a0a55f2d166ca949ef47ca6e0c704aab — 2ef6eea2efce01d1956ace483216f6b6e26330c9+3
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-xp7w-6352-489g: In the Linux kernel, the following vulnerability has been resolved:
netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
When testing a special con↗2025-05-09
OSV▶
CVE-2025-37876: In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special confi↗2025-05-09
📋Vendor Advisories
5Debian▶
CVE-2025-37876: linux - In the Linux kernel, the following vulnerability has been resolved: netfs: Only...↗2025