fkie_cve-2025-38689
Vulnerability from fkie_nvd
Published
2025-09-04 16:15
Modified
2025-09-05 17:47
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses x86_task_fpu() but doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function for kernel threads (PF_KTHREAD specifically), making it return NULL. The point of the warning was to ensure that kernel threads only access task->fpu after going through kernel_fpu_begin()/_end(). Note: all kernel tasks exposed in /proc have a valid task->fpu. Solution -------- One option is to silence the warning and check for NULL from x86_task_fpu(). However, that warning is fairly fresh and seems like a defense against misuse of the FPU state in kernel threads. Instead, stop outputting AVX-512_elapsed_ms for kernel threads altogether. The data was garbage anyway because avx512_timestamp is only updated for user threads, not kernel threads. If anyone ever wants to track kernel thread AVX-512 use, they can come back later and do it properly, separate from this bug fix. [ dhansen: mostly rewrite changelog ]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2ca887e81095b99d890a8878841f36f4920181e6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/31cd31c9e17ece125aad27259501a2af69ccb020
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Fix NULL dereference in avx512_status()\n\nProblem\n-------\nWith CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status\ncauses a warning and a NULL pointer dereference.\n\nThis is because the AVX-512 timestamp code uses x86_task_fpu() but\ndoesn\u0027t check it for NULL. CONFIG_X86_DEBUG_FPU addles that function\nfor kernel threads (PF_KTHREAD specifically), making it return NULL.\n\nThe point of the warning was to ensure that kernel threads only access\ntask-\u003efpu after going through kernel_fpu_begin()/_end(). Note: all\nkernel tasks exposed in /proc have a valid task-\u003efpu.\n\nSolution\n--------\nOne option is to silence the warning and check for NULL from\nx86_task_fpu(). However, that warning is fairly fresh and seems like a\ndefense against misuse of the FPU state in kernel threads.\n\nInstead, stop outputting AVX-512_elapsed_ms for kernel threads\naltogether. The data was garbage anyway because avx512_timestamp is\nonly updated for user threads, not kernel threads.\n\nIf anyone ever wants to track kernel thread AVX-512 use, they can come\nback later and do it properly, separate from this bug fix.\n\n[ dhansen: mostly rewrite changelog ]"
    }
  ],
  "id": "CVE-2025-38689",
  "lastModified": "2025-09-05T17:47:24.833",
  "metrics": {},
  "published": "2025-09-04T16:15:37.013",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2ca887e81095b99d890a8878841f36f4920181e6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/31cd31c9e17ece125aad27259501a2af69ccb020"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.