CVE-2025-38696
published 2025-09-04CVE-2025-38696: In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Not all tasks have an ABI…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Not all tasks have an ABI associated or vDSO mapped,
for example kthreads never do.
If such a task ever ends up calling stack_top(), it will derefence the
NULL ABI pointer and crash.
This can for example happen when using kunit:
mips_stack_top+0x28/0xc0
arch_pick_mmap_layout+0x190/0x220
kunit_vm_mmap_init+0xf8/0x138
__kunit_add_resource+0x40/0xa8
kunit_vm_mmap+0x88/0xd8
usercopy_test_init+0xb8/0x240
kunit_try_run_case+0x5c/0x1a8
kunit_generic_run_threadfn_adapter+0x28/0x50
kthread+0x118/0x240
ret_from_kernel_thread+0x14/0x1c
Only dereference the ABI point if it is set.
The GIC page is also included as it is specific to the vDSO.
Also move the randomization adjustment into the same conditional.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | >= 4.14.77 < 4.15 | 4.15 |
| linux | linux | >= 4.18.15 < 4.19 | 4.19 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < ab18e48a503230d675e824a0d68a108bdff42503 | ab18e48a503230d675e824a0d68a108bdff42503 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < e78033e59444d257d095b73ce5d20625294f6ec2 | e78033e59444d257d095b73ce5d20625294f6ec2 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < bd90dbd196831f5c2620736dc221db2634cf1e8e | bd90dbd196831f5c2620736dc221db2634cf1e8e |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < 5b6839b572b503609b9b58bc6c04a816eefa0794 | 5b6839b572b503609b9b58bc6c04a816eefa0794 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < f22de2027b206ddfb8a075800bb5d0dacf2da4b8 | f22de2027b206ddfb8a075800bb5d0dacf2da4b8 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < 82d140f6aab5e89a9d3972697a0dbe1498752d9b | 82d140f6aab5e89a9d3972697a0dbe1498752d9b |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < 24d098b6f69b0aa806ffcb3e18259bee31650b28 | 24d098b6f69b0aa806ffcb3e18259bee31650b28 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < cddf47d20b0325dc8a4e57b833fe96e8f36c42a4 | cddf47d20b0325dc8a4e57b833fe96e8f36c42a4 |
| linux | linux | >= ea7e0480a4b695d0aa6b3fa99bd658a003122113 < e9f4a6b3421e936c3ee9d74710243897d74dbaa2 | e9f4a6b3421e936c3ee9d74710243897d74dbaa2 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 4.14.77 < 4.15 | 4.15 |
| linux | linux_kernel | >= 4.18.15 < 4.19 | 4.19 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM