CVE-2025-38442
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

block: reject bs > ps block devices when THP is disabled

If THP is disabled and when a block device with logical block size > page size is present, the following null ptr deref panic happens during boot:

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 13.017749] RIP: 0010:create_empty_buffers+0x3b/0x380
<snip>
[ 13.025448] Call Trace:
[ 13.025692] <TASK>
[ 13.025895] block_read_full_folio+0x610/0x780
[ 13.026379] ? __pfx_blkdev_get_block+0x10/0x10
[ 13.027008] ? __folio_batch_add_and_move+0x1fa/0x2b0
[ 13.027548] ? __pfx_blkdev_read_folio+0x10/0x10
[ 13.028080] filemap_read_folio+0x9b/0x200
[ 13.028526] ? __pfx_filemap_read_folio+0x10/0x10
[ 13.029030] ? __filemap_get_folio+0x43/0x620
[ 13.029497] do_read_cache_folio+0x155/0x3b0
[ 13.029962] ? __pfx_blkdev_read_folio+0x10/0x10
[ 13.030381] read_part_sector+0xb7/0x2a0
[ 13.030805] read_lba+0x174/0x2c0
<snip>
[ 13.045348] nvme_scan_ns+0x684/0x850 [nvme_core]
[ 13.045858] ? __pfx_nvme_scan_ns+0x10/0x10 [nvme_core]
[ 13.046414] ? _raw_spin_unlock+0x15/0x40
[ 13.046843] ? __switch_to+0x523/0x10a0
[ 13.047253] ? kvm_clock_get_cycles+0x14/0x30
[ 13.047742] ? __pfx_nvme_scan_ns_async+0x10/0x10 [nvme_core]
[ 13.048353] async_run_entry_fn+0x96/0x4f0
[ 13.048787] process_one_work+0x667/0x10a0
[ 13.049219] worker_thread+0x63c/0xf60

As large folio support depends on THP, only allow bs > ps block devices if THP is enabled.

Meta Information
Published: 2025-07-25
Last Modified: 2025-11-19
Generated: 2026-05-07
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel when Transparent Huge Pages (THP) are disabled and a block device has a logical block size larger than the system's page size. Under these conditions, a null pointer dereference panic happens during system boot, causing the system to crash. The issue arises because large folio support depends on THP, and the kernel did not properly reject block devices with logical block size greater than page size when THP is disabled.


How can this vulnerability impact me?

This vulnerability can cause the Linux system to panic and crash during boot if THP is disabled and a block device with a logical block size larger than the page size is present. This can lead to system downtime, potential data unavailability, and disruption of services relying on the affected system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for kernel panic logs during boot related to null pointer dereference in the block device handling when Transparent Huge Pages (THP) is disabled. Look for kernel messages similar to 'null-ptr-deref' and stack traces involving create_empty_buffers and block_read_full_folio. You can use commands like 'dmesg | grep -i null-ptr-deref' or 'journalctl -k | grep -i null-ptr-deref' to find relevant panic logs. Additionally, verify if THP is disabled by checking the contents of /sys/kernel/mm/transparent_hugepage/enabled.
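
The two conditions named in the description can also be checked directly from sysfs. The script below is an added example, not part of the advisory or the kernel fix; the function names are hypothetical, and treating a missing THP sysfs file as "THP disabled" is an assumption of this example.

```shell
#!/bin/sh
# Added example: report whether the two conditions from the advisory hold:
# a block device with logical block size > page size, and THP disabled.
# The sysfs root is a parameter so the check can run against a test tree.

# thp_state ROOT: print the active THP mode, or "absent" when the sysfs
# file is missing (assumed here to mean THP support is not available).
thp_state() {
    f="$1/kernel/mm/transparent_hugepage/enabled"
    [ -r "$f" ] || { echo absent; return 0; }
    # The active mode is the bracketed word, e.g. "always madvise [never]".
    sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$f"
}

# large_bs_devices ROOT PAGESIZE: print "name size" for every block device
# whose logical block size is larger than PAGESIZE (bytes).
large_bs_devices() {
    for q in "$1"/block/*/queue/logical_block_size; do
        [ -r "$q" ] || continue
        bs=$(cat "$q")
        if [ "$bs" -gt "$2" ]; then
            dev=${q%/queue/logical_block_size}
            echo "${dev##*/} $bs"
        fi
    done
}

# check_exposure ROOT PAGESIZE: print EXPOSED and return 1 when a bs > ps
# device exists and THP is disabled or absent; otherwise print OK.
check_exposure() {
    devs=$(large_bs_devices "$1" "$2")
    [ -n "$devs" ] || { echo OK; return 0; }
    case "$(thp_state "$1")" in
        never|absent) echo EXPOSED; return 1 ;;
        *) echo OK; return 0 ;;
    esac
}

# On a live system: check_exposure /sys "$(getconf PAGESIZE)"
```
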


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, ensure that Transparent Huge Pages (THP) is enabled on your system, as the issue occurs only when THP is disabled and a block device has a logical block size greater than the page size. Enabling THP prevents the null pointer dereference panic during boot. You can enable THP by setting '/sys/kernel/mm/transparent_hugepage/enabled' to 'always' or 'madvise'. Additionally, update your Linux kernel to a version where this vulnerability is resolved.

