CVE-2025-38689: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 94.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 4 | Latest update Sep 5

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Fix NULL dereference in avx512_status()

Problem

With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference.

This is because the AVX-512 timestamp code uses x86_task_fpu() but doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function for kernel threads (PF_KTHREAD specifically), making it return NULL.

The point of the warning was to ensure that ke

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | linux/linux_kernel | 6.16 | 6.16.2 | +1
CVEListV5 | linux/linux | 22aafe3bcb67472effdea1ccf0df20280192bbaf | 2ca887e81095b99d890a8878841f36f4920181e6 | +2
debian | debian/linux

Patches

Vulnerability Details (2)

GHSA | 2025-09-05
GHSA-2j25-8cwq-vgvc: In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem With CONFIG_X86_DEBUG_F
OSV | 2025-09-04
CVE-2025-38689: In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_D

Vendor Advisories (2)

Red Hat | 2025-09-04
kernel: x86/fpu: Fix NULL dereference in avx512_status()
Debian | 2025
CVE-2025-38689: linux - In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fi...