5.5
CVE-2025-38067
- EPSS 0.48%
- Veröffentlicht 18.06.2025 09:33:45
- Zuletzt bearbeitet 12.05.2026 13:16:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
rseq: Fix segfault on registration when rseq_cs is non-zero
In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on return to user-space if the value stored in the rseq_cs field doesn't point to a valid struct rseq_cs. The correct solution to this would be to fail the rseq registration when the rseq_cs field is non-zero. However, some older versions of glibc will reuse the rseq area of previous threads without clearing the rseq_cs field and will also terminate the process if the rseq registration fails in a secondary thread. This wasn't caught in testing because in this case the leftover rseq_cs does point to a valid struct rseq_cs. What we can do is clear the rseq_cs field on registration when it's non-zero which will prevent segfaults on registration and won't break the glibc versions that reuse rseq areas on thread creation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.18 < 5.10.240
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.189
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.146
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.99
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.39
Linux ≫ Linux Kernel Version >= 6.13 < 6.14.9
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.379 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/2df285dab00fa03a3ef939b6cb0d0d0aeb0791db
https://git.kernel.org/stable/c/fd881d0a085fc54354414aed990ccf05f282ba53
https://git.kernel.org/stable/c/3e4028ef31b69286c9d4878cee0330235f53f218
https://git.kernel.org/stable/c/48900d839a3454050fd5822e34be8d54c4ec9b86
https://git.kernel.org/stable/c/b2b05d0dc2f4f0646922068af435aed5763d16ba
https://git.kernel.org/stable/c/eaf112069a904b6207b4106ff083e0208232a2eb
https://git.kernel.org/stable/c/f004f58d18a2d3dc761cf973ad27b4a5997bd876
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://cert-portal.siemens.com/productcert/html/ssa-082556.html