CVE-2025-38689— Linux kernel 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-38689の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
x86/fpu: Fix NULL dereference in avx512_status()
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses x86_task_fpu() but doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function for kernel threads (PF_KTHREAD specifically), making it return NULL. The point of the warning was to ensure that kernel threads only access task->fpu after going through kernel_fpu_begin()/_end(). Note: all kernel tasks exposed in /proc have a valid task->fpu. Solution -------- One option is to silence the warning and check for NULL from x86_task_fpu(). However, that warning is fairly fresh and seems like a defense against misuse of the FPU state in kernel threads. Instead, stop outputting AVX-512_elapsed_ms for kernel threads altogether. The data was garbage anyway because avx512_timestamp is only updated for user threads, not kernel threads. If anyone ever wants to track kernel thread AVX-512 use, they can come back later and do it properly, separate from this bug fix. [ dhansen: mostly rewrite changelog ]
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于AVX-512状态函数未检查NULL指针。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2025-38689の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-38689のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-09-04 · 52 CVEs total
| CVE-2025-38695 | scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure | |
| CVE-2025-38679 | media: venus: Fix OOB read due to missing payload bound check | |
| CVE-2025-38680 | media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() | |
| CVE-2025-38685 | fbdev: Fix vmalloc out-of-bounds write in fast_imageblit | |
| CVE-2025-38682 | i2c: core: Fix double-free of fwnode in i2c_unregister_device() | |
| CVE-2025-38683 | hv_netvsc: Fix panic during namespace deletion with VF | |
| CVE-2025-38684 | net/sched: ets: use old 'nbands' while purging unused classes | |
| CVE-2025-38681 | mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() | |
| CVE-2025-38694 | media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() | |
| CVE-2025-38693 | media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_t | |
| CVE-2025-38692 | exfat: add cluster chain loop check for dir | |
| CVE-2025-38696 | MIPS: Don't crash in stack_top() for tasks without ABI or vDSO | |
| CVE-2025-38697 | jfs: upper bound check of tree index in dbAllocAG | |
| CVE-2025-38699 | scsi: bfa: Double-free fix | |
| CVE-2025-38698 | jfs: Regular file corruption check | |
| CVE-2025-38700 | scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated | |
| CVE-2025-38701 | ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr | |
| CVE-2025-38702 | fbdev: fix potential buffer overflow in do_register_framebuffer() | |
| CVE-2025-38703 | drm/xe: Make dma-fences compliant with the safe access rules | |
| CVE-2025-38704 | rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access |
Showing 20 of 52 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
同じベンダー: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. CVE-2025-38689へのコメント
まだコメントはありません