Kernel Vulnerability in Linux Affecting rcu/nocb Functionality
CVE-2025-38704

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38704?

A vulnerability exists in the Linux kernel that impacts the handling of rcu/nocb functionality during CPU online preparations. When a specific kernel thread pointer (rdp's->nocb_cb_kthread) is not created, it can lead to an invalid pointer access during subsequent operations. This occurs when an offline CPU's re-offload checks bypass certain conditional validations, risking access to an invalid memory pointer. This potentially compromises system stability and security, necessitating immediate attention and application of the relevant patches.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1c951683a720b17c9ecaad1932bc95b29044611f

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d

References

https://git.kernel.org/stable/c/cce3d027227c69e85896af9fb...

https://git.kernel.org/stable/c/1c951683a720b17c9ecaad193...

https://git.kernel.org/stable/c/9b5ec8e6b31755288a07b3abe...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025