CVE-2025-37958: NULL Pointer Dereference in Linux

Severity
5.5 MEDIUM (NVD)
OSV 7.8 | OSV 7.1
EPSS
0.1%
top 69.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 20
Latest update: Jan 12

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: fix dereferencing invalid pmd migration entry

When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: linux/linux_kernel 4.14 5.4.295 +7
Debian: linux/linux_kernel < 5.10.244-1 +3
Ubuntu: linux/linux_kernel < 5.15.0-156.166 +3
CVEListV5: linux/linux 84c3fc4e9c563d8fb91cfdf5948da48fe1af34d3 753f142f7ff7d2223a47105b61e1efd91587d711 +8

Also affects: Debian Linux 11.0

Patches

Vulnerability Details (36)

OSV: linux-iot vulnerabilities (2026-01-12)
OSV: linux-azure-nvidia vulnerabilities (2026-01-09)
OSV: linux-raspi, linux-raspi-realtime vulnerabilities (2026-01-09)
OSV: linux-raspi, linux-raspi-5.4 vulnerabilities (2026-01-06)
OSV: linux-xilinx vulnerabilities (2025-12-19)

Vendor Advisories (35)

Ubuntu: Linux kernel (IoT) vulnerabilities (2026-01-12)
Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities (2026-01-09)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-01-09)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-01-06)
Ubuntu: Linux kernel (Oracle) vulnerabilities (2025-12-19)