5.5

CVE-2025-37949

EPSS 0.03%
Veröffentlicht 20.05.2025 16:15:32
Zuletzt bearbeitet 17.12.2025 20:05:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

xenbus: Use kref to track req lifetime

Marek reported seeing a NULL pointer fault in the xenbus_thread
callstack:
BUG: kernel NULL pointer dereference, address: 0000000000000000
RIP: e030:__wake_up_common+0x4c/0x180
Call Trace:
 <TASK>
 __wake_up_common_lock+0x82/0xd0
 process_msg+0x18e/0x2f0
 xenbus_thread+0x165/0x1c0

process_msg+0x18e is req->cb(req).  req->cb is set to xs_wake_up(), a
thin wrapper around wake_up(), or xenbus_dev_queue_reply().  It seems
like it was xs_wake_up() in this case.

It seems like req may have woken up the xs_wait_for_reply(), which
kfree()ed the req.  When xenbus_thread resumes, it faults on the zero-ed
data.

Linux Device Drivers 2nd edition states:
"Normally, a wake_up call can cause an immediate reschedule to happen,
meaning that other processes might run before wake_up returns."
... which would match the behaviour observed.

Change to keeping two krefs on each request.  One for the caller, and
one for xenbus_thread.  Each will kref_put() when finished, and the last
will free it.

This use of kref matches the description in
Documentation/core-api/kref.rst

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.11 < 5.4.294

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.238

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.183

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.139

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.91

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.29

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.7

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Linux ≫ Linux Kernel Version6.15 Updaterc5

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27

Patch

https://git.kernel.org/stable/c/2466b0f66795c3c426cacc8998499f38031dbb59

Patch

https://git.kernel.org/stable/c/4d260a5558df4650eb87bc41b2c9ac2d6b2ba447

Patch

https://git.kernel.org/stable/c/8b02f85e84dc6f7c150cef40ddb69af5a25659e5

Patch

https://git.kernel.org/stable/c/8e9c8a0393b5f85f1820c565ab8105660f4e8f92

Patch

https://git.kernel.org/stable/c/cbfaf46b88a4c01b64c4186cdccd766c19ae644c

Patch

https://git.kernel.org/stable/c/0e94a246bb6d9538010b6c02d2b1d4717a97b2e5

Patch

https://git.kernel.org/stable/c/f1bcac367bc95631afbb918348f30dec887d0e1b

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-37949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37949

EUVD