5.5

CVE-2025-38067

EPSS 0.13%
Veröffentlicht 18.06.2025 09:33:45
Zuletzt bearbeitet 12.05.2026 13:16:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

rseq: Fix segfault on registration when rseq_cs is non-zero

In the Linux kernel, the following vulnerability has been resolved:

rseq: Fix segfault on registration when rseq_cs is non-zero

The rseq_cs field is documented as being set to 0 by user-space prior to
registration, however this is not currently enforced by the kernel. This
can result in a segfault on return to user-space if the value stored in
the rseq_cs field doesn't point to a valid struct rseq_cs.

The correct solution to this would be to fail the rseq registration when
the rseq_cs field is non-zero. However, some older versions of glibc
will reuse the rseq area of previous threads without clearing the
rseq_cs field and will also terminate the process if the rseq
registration fails in a secondary thread. This wasn't caught in testing
because in this case the leftover rseq_cs does point to a valid struct
rseq_cs.

What we can do is clear the rseq_cs field on registration when it's
non-zero which will prevent segfaults on registration and won't break
the glibc versions that reuse rseq areas on thread creation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

NVD 7 VulnDex Vulnerability Enrichment 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.18 < 5.10.240

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.189

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.146

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.99

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.39

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.9

Debian ≫ Debian Linux Version11.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.319

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/2df285dab00fa03a3ef939b6cb0d0d0aeb0791db

Patch

https://git.kernel.org/stable/c/fd881d0a085fc54354414aed990ccf05f282ba53

Patch

https://git.kernel.org/stable/c/3e4028ef31b69286c9d4878cee0330235f53f218

Patch

https://git.kernel.org/stable/c/48900d839a3454050fd5822e34be8d54c4ec9b86

Patch

https://git.kernel.org/stable/c/b2b05d0dc2f4f0646922068af435aed5763d16ba

Patch

https://git.kernel.org/stable/c/eaf112069a904b6207b4106ff083e0208232a2eb

Patch

https://git.kernel.org/stable/c/f004f58d18a2d3dc761cf973ad27b4a5997bd876

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Third Party Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

https://nvd.nist.gov/vuln/detail/CVE-2025-38067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38067

EUVD