CVE-2025-38255

EPSS 0.03%
Published 09.07.2025 10:42:33
Last modified 10.07.2025 13:17:30
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()

While testing null_blk with configfs, echo 0 > poll_queues will trigger
following panic:

BUG: kernel NULL pointer dereference, address: 0000000000000010
Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014
RIP: 0010:__bitmap_or+0x48/0x70
Call Trace:
 <TASK>
 __group_cpus_evenly+0x822/0x8c0
 group_cpus_evenly+0x2d9/0x490
 blk_mq_map_queues+0x1e/0x110
 null_map_queues+0xc9/0x170 [null_blk]
 blk_mq_update_queue_map+0xdb/0x160
 blk_mq_update_nr_hw_queues+0x22b/0x560
 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]
 nullb_device_poll_queues_store+0xa4/0x130 [null_blk]
 configfs_write_iter+0x109/0x1d0
 vfs_write+0x26e/0x6f0
 ksys_write+0x79/0x180
 __x64_sys_write+0x1d/0x30
 x64_sys_call+0x45c4/0x45f0
 do_syscall_64+0xa5/0x240
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Root cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from
kcalloc(), and later ZERO_SIZE_PTR will be deferenced.

Fix the problem by checking numgrps first in group_cpus_evenly(), and
return NULL directly if numgrps is zero.

[yukuai3@huawei.com: also fix the non-SMP version]

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 64a99eff8dcf1f951a544e6058341b2b19a8fdbd

Version 6a6dcae8f486c3f3298d0767d34505121c7b0b81

Status affected

Version < 29d39e0d5f16c060e32542b2cf351c09fd22b250

Version 6a6dcae8f486c3f3298d0767d34505121c7b0b81

Status affected

Version < 911ef2e8a7de5b2bae8ff11fb0bd01f699e6db65

Version 6a6dcae8f486c3f3298d0767d34505121c7b0b81

Status affected

Version < df831e97739405ecbaddb85516bc7d4d1c933d6b

Version 6a6dcae8f486c3f3298d0767d34505121c7b0b81

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.3

Status affected

Version < 6.3

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.96

Status unaffected

Version <= 6.12.*

Version 6.12.36

Status unaffected

Version <= 6.15.*

Version 6.15.5

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/64a99eff8dcf1f951a544e6058341b2b19a8fdbd

https://git.kernel.org/stable/c/29d39e0d5f16c060e32542b2cf351c09fd22b250

https://git.kernel.org/stable/c/911ef2e8a7de5b2bae8ff11fb0bd01f699e6db65

https://git.kernel.org/stable/c/df831e97739405ecbaddb85516bc7d4d1c933d6b

https://nvd.nist.gov/vuln/detail/CVE-2025-38255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38255

EUVD