CVE-2025-39887

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.17.0-rc4-00201-gd69eb204c255 and earlier

Description A flaw exists in the Linux kernel's tracing/osnoise module, specifically within the bitmap parselist() function. A null pointer dereference can occur when the count parameter is set to 0 in the osnoise cpus write() function, leading to a kernel crash. The issue arises because kmalloc() returns a null pointer in this scenario, which is then incorrectly processed by cpulist parse(). The vulnerability can be triggered by writing "0-2" to the /sys/kernel/debug/tracing/osnoise/cpus file.

Recommendations Update the Linux kernel to a version beyond 6.17.0-rc4-00201-gd69eb204c255.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-13901

CVE-2025-39887

Affected Products

Astra Linux

Linux Kernel

CVE-2025-39887

Weakness Enumeration

Related Identifiers

Affected Products

References · 18