x86/resctrl Vulnerability in Linux Kernel Affects Multiple Platforms

CVE-2025-38049

Summary

A logic error in the Linux kernel's x86/resctrl functionality allows for a NULL pointer dereference when creating new control groups on platforms lacking cache occupancy monitors. The issue stems from the absence of allocated arrays in certain conditions, leading to potential operational disruptions. This vulnerability particularly affects systems relying on a cleanest CLOSID allocation based on dirty cache line counts, which is unnecessary for platforms without monitoring capabilities. A fix has been implemented to improve robustness and prevent similar issues.

References