CVE-2025-38689
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses x86_task_fpu() but doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function for kernel threads (PF_KTHREAD specifically), making it return NULL. The point of the warning was to ensure that kernel threads only access task->fpu after going through kernel_fpu_begin()/_end(). Note: all kernel tasks exposed in /proc have a valid task->fpu. Solution -------- One option is to silence the warning and check for NULL from x86_task_fpu(). However, that warning is fairly fresh and seems like a defense against misuse of the FPU state in kernel threads. Instead, stop outputting AVX-512_elapsed_ms for kernel threads altogether. The data was garbage anyway because avx512_timestamp is only updated for user threads, not kernel threads. If anyone ever wants to track kernel thread AVX-512 use, they can come back later and do it properly, separate from this bug fix. [ dhansen: mostly rewrite changelog ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-24
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38689
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.17
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's x86/fpu code, specifically in the avx512_status() function. When CONFIG_X86_DEBUG_FPU is enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference because the AVX-512 timestamp code uses x86_task_fpu() without checking if it returns NULL. Kernel threads (PF_KTHREAD) cause x86_task_fpu() to return NULL under this configuration, leading to the issue. The fix involved stopping the output of AVX-512 elapsed time for kernel threads, as the data was invalid for them.

Impact Analysis

This vulnerability can cause a kernel warning and a NULL pointer dereference when accessing certain kernel thread status files, potentially leading to kernel instability or crashes. It affects systems with CONFIG_X86_DEBUG_FPU enabled and could disrupt normal kernel operations involving kernel threads and their floating point unit (FPU) state handling.

Mitigation Strategies

The vulnerability is resolved by updating the Linux kernel to a version where the fix is applied. The fix involves stopping the output of AVX-512_elapsed_ms for kernel threads to avoid NULL pointer dereference. Therefore, the immediate mitigation step is to apply the kernel update that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38689. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart