CVE-2025-38704

EPSS 0.03%
Published 04.09.2025 15:32:55
Last modified 05.09.2025 17:47:24
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access

In the preparation stage of CPU online, if the corresponding
the rdp's->nocb_cb_kthread does not exist, will be created,
there is a situation where the rdp's rcuop kthreads creation fails,
and then de-offload this CPU's rdp, does not assign this CPU's
rdp->nocb_cb_kthread pointer, but this rdp's->nocb_gp_rdp and
rdp's->rdp_gp->nocb_gp_kthread is still valid.

This will cause the subsequent re-offload operation of this offline
CPU, which will pass the conditional check and the kthread_unpark()
will access invalid rdp's->nocb_cb_kthread pointer.

This commit therefore use rdp's->nocb_gp_kthread instead of
rdp_gp's->nocb_gp_kthread for safety check.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < cce3d027227c69e85896af9fbc6fa9af5c68f067

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1c951683a720b17c9ecaad1932bc95b29044611f

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/cce3d027227c69e85896af9fbc6fa9af5c68f067

https://git.kernel.org/stable/c/1c951683a720b17c9ecaad1932bc95b29044611f

https://git.kernel.org/stable/c/9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d

https://git.kernel.org/stable/c/1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1

https://nvd.nist.gov/vuln/detail/CVE-2025-38704

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38704

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38704

EUVD