CVE-2025-38696
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will derefence the NULL ABI pointer and crash. This can for example happen when using kunit: mips_stack_top+0x28/0xc0 arch_pick_mmap_layout+0x190/0x220 kunit_vm_mmap_init+0xf8/0x138 __kunit_add_resource+0x40/0xa8 kunit_vm_mmap+0x88/0xd8 usercopy_test_init+0xb8/0x240 kunit_try_run_case+0x5c/0x1a8 kunit_generic_run_threadfn_adapter+0x28/0x50 kthread+0x118/0x240 ret_from_kernel_thread+0x14/0x1c Only dereference the ABI point if it is set. The GIC page is also included as it is specific to the vDSO. Also move the randomization adjustment into the same conditional.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-09-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38696
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel on MIPS architecture where the function stack_top() can cause a crash if called by tasks that do not have an ABI (Application Binary Interface) associated or a vDSO (virtual Dynamic Shared Object) mapped. Specifically, tasks like kernel threads (kthreads) never have an ABI, and if such a task calls stack_top(), the function dereferences a NULL ABI pointer, leading to a kernel crash. The fix involves only dereferencing the ABI pointer if it is set, preventing the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash when certain tasks without an ABI or vDSO mapped call the stack_top() function. This can lead to system instability or denial of service due to kernel crashes, especially in environments using kernel unit testing (kunit) or involving kernel threads.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by ensuring that the ABI pointer is only dereferenced if it is set, preventing crashes in stack_top() for tasks without ABI or vDSO. Immediate mitigation involves updating the Linux kernel to the fixed version that includes this patch.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart