Null Pointer Dereference Vulnerability in Linux Kernel Affects Multiple Configurations
CVE-2025-38255

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 July 2025

What is CVE-2025-38255?

A vulnerability in the Linux kernel's handling of CPU groups can lead to a null pointer dereference, triggered when the numgrps variable is set to zero during the operation of configfs. This flaw can cause the kernel to panic, resulting in system instability. The root cause is the dereferencing of a ZERO_SIZE_PTR returned by kcalloc() when it encounters a zero value. To mitigate this, a check has been implemented to ensure numgrps is greater than zero before proceeding, which prevents such panics and enhances system resilience.

Affected Version(s)

Linux 6a6dcae8f486c3f3298d0767d34505121c7b0b81 < 64a99eff8dcf1f951a544e6058341b2b19a8fdbd

Linux 6a6dcae8f486c3f3298d0767d34505121c7b0b81 < 29d39e0d5f16c060e32542b2cf351c09fd22b250

Linux 6a6dcae8f486c3f3298d0767d34505121c7b0b81 < 911ef2e8a7de5b2bae8ff11fb0bd01f699e6db65

References

https://git.kernel.org/stable/c/64a99eff8dcf1f951a544e605...
https://git.kernel.org/stable/c/29d39e0d5f16c060e32542b2c...
https://git.kernel.org/stable/c/911ef2e8a7de5b2bae8ff11fb...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38255 : Null Pointer Dereference Vulnerability in Linux Kernel Affects Multiple Configurations