PT-2025-35962 · Linux+1 · Linux Kernel+1
Published
2025-08-11
·
Updated
2026-05-26
·
CVE-2025-38689
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw where reading
/proc/[kthread]/arch status can cause a NULL pointer dereference when CONFIG X86 DEBUG FPU is enabled. This occurs because the AVX-512 timestamp code uses x86 task fpu() without checking for NULL, and CONFIG X86 DEBUG FPU can cause this function to return NULL for kernel threads. The issue arises from attempting to output AVX-512 elapsed milliseconds for kernel threads, which is unreliable as avx512 timestamp is only updated for user threads.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel