PT-2025-39144 · Linux+1 · Linux Kernel+1

CVE-2025-39887

·

Published

2025-09-06

·

Updated

2025-09-24

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.17.0-rc4-00201-gd69eb204c255 and earlier
Description A flaw exists in the Linux kernel's tracing/osnoise module, specifically within the bitmap parselist() function. A null pointer dereference can occur when the count parameter is set to 0 in the osnoise cpus write() function, leading to a kernel crash. The issue arises because kmalloc() returns a null pointer in this scenario, which is then incorrectly processed by cpulist parse(). The vulnerability can be triggered by writing "0-2" to the /sys/kernel/debug/tracing/osnoise/cpus file.
Recommendations Update the Linux kernel to a version beyond 6.17.0-rc4-00201-gd69eb204c255.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2025-13901
CVE-2025-39887

Affected Products

Astra Linux
Linux Kernel