CVE-2025-38733NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 5

Description

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also mapped to address zero, this happens regardless of the relocate_lowcore command line option. If the option is specified the lowcore is mapped twice, instead of only once. This means that NULL pointer accesses will succeed instead of causing an exception (low address protection still applies, but co

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.10.116.11+4
Debianlinux/linux_kernel< 6.12.48-1+1
CVEListV5linux/linux32db401965f165f7c44447d0508097f070c8f57630bf5728bb217a6d1ba73f44094c9b9c6bc9a567+4
debiandebian/linux< linux 6.16.5-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-38733: In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pi2025-09-05
GHSA
GHSA-9w66-p46h-j52f: In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is2025-09-05

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service due to incorrect lowcore memory mapping2025-09-05
Debian
CVE-2025-38733: linux - In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do...2025
CVE-2025-38733 — NULL Pointer Dereference in Linux | cvebase