CVE-2025-37929NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference17 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 70.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedMay 20
Latest updateAug 28

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new 'k' values for the workaround to be effective. Unfortunately, the new arrays omitted the sentinel entry and so is_midr_in_range_list() will walk off the

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel6.1.1356.1.138+6
Debianlinux/linux_kernel< 6.1.140-1+2
Ubuntulinux/linux_kernel< 6.14.0-24.24
CVEListV5linux/linux4a2f3d8260a996bc43dcc1ce49ac594db54f4b3ee68da90ac00d8b681561aeb8f5d6c47af3a04861+12
debiandebian/linux< linux 6.1.140-1 (bookworm)

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2025-08-28
OSV
linux-aws-6.14 vulnerabilities2025-07-24
OSV
linux-aws vulnerabilities2025-07-22
OSV
linux-oracle vulnerabilities2025-07-22
OSV
linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities2025-07-17

📋Vendor Advisories

8
Ubuntu
Linux kernel (Azure) vulnerabilities2025-08-28
Ubuntu
Linux kernel (AWS) vulnerabilities2025-07-24
Ubuntu
Linux kernel (AWS) vulnerabilities2025-07-22
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-07-22
Ubuntu
Linux kernel vulnerabilities2025-07-17
CVE-2025-37929 — NULL Pointer Dereference in Linux | cvebase