Null Pointer Dereference in Linux Kernel's Tracing Component
CVE-2025-39887
Currently unrated
What is CVE-2025-39887?
A vulnerability in the Linux kernel's tracing component can lead to a null pointer dereference when the osnoise_cpus_write() function is called with a count parameter set to zero. This scenario arises when the 'count' parameter is not properly validated, allowing users to inadvertently trigger the dereference. The issue manifests through unexpected crashes in the kernel, disrupting system operations and stability. A fix has been implemented to ensure robust checks on the 'count' parameter to avoid this vulnerability.
Affected Version(s)
Linux 17f89102fe23d7389085a8820550df688f79888a
Linux 17f89102fe23d7389085a8820550df688f79888a
Linux 6.16