Linux Kernel Vulnerability Affecting User-Space Registration
CVE-2025-38067
What is CVE-2025-38067?
A vulnerability in the Linux kernel's rseq (restartable sequences) support can cause a segmentation fault during rseq registration. The rseq_cs field of the rseq area is documented as needing to be set to zero by user-space before registration, but current kernel implementations do not enforce this. If a non-zero value is present, it may not point to a valid struct rseq_cs, and the thread can then segfault on its return to user-space. The problem is compounded by older versions of glibc, which may not clear the rseq_cs field when reusing rseq areas across threads, increasing the likelihood of process termination. To resolve this, the registration process should enforce a check for a non-zero rseq_cs field so that an invalid pointer is never used.
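The following is an added example, not kernel or glibc code: it models the registration-time check described above and the area-reuse scenario that triggers the bug. The struct is a constructed stand-in for the first 32 bytes of the UAPI struct rseq, and the stale address value is constructed; no real rseq syscall is issued.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the first 32 bytes of the UAPI struct rseq
 * (cpu_id_start, cpu_id, rseq_cs, flags); real code includes <linux/rseq.h>. */
struct rseq_area {
    uint32_t cpu_id_start;
    uint32_t cpu_id;
    uint64_t rseq_cs;   /* user-space pointer to a struct rseq_cs, or 0 */
    uint32_t flags;
} __attribute__((aligned(32)));

/* Model of the check the fix requires at registration: refuse a non-zero
 * rseq_cs instead of trusting it as a pointer on return to user-space.
 * Returns 0 on success or -EINVAL, following the syscall's error convention. */
int rseq_register_check(const struct rseq_area *area)
{
    return area->rseq_cs == 0 ? 0 : -EINVAL;
}

/* What user-space (or a thread library) must do before handing an rseq area
 * to the rseq syscall: clear the critical-section pointer. The kernel fills
 * in the cpu_id fields itself once registration succeeds. */
void rseq_area_prepare(struct rseq_area *area)
{
    area->rseq_cs = 0;
}

/* Constructed scenario: an rseq area used by one thread is left with a stale
 * rseq_cs pointer, then reused for a new thread. clear_on_reuse = 0 models
 * the older glibc behaviour of not clearing the field before reuse. */
int simulate_area_reuse(int clear_on_reuse)
{
    struct rseq_area area;
    uint64_t stale = 0x7f00deadb000ULL;   /* constructed, not a real address */

    memset(&area, 0, sizeof(area));
    area.rseq_cs = stale;                 /* left over from the previous thread */
    if (clear_on_reuse)
        rseq_area_prepare(&area);
    /* On an unfixed kernel a non-zero value here is dereferenced on the new
     * thread's first return to user-space; the check turns that into -EINVAL. */
    return rseq_register_check(&area);
}
```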
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2df285dab00fa03a3ef939b6cb0d0d0aeb0791db
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 6.14.9 <= 6.14.*