ghsa-2j25-8cwq-vgvc
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Fix NULL dereference in avx512_status()
Problem
With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference.
This is because the AVX-512 timestamp code uses x86_task_fpu() but doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function for kernel threads (PF_KTHREAD specifically), making it return NULL.
The point of the warning was to ensure that kernel threads only access task->fpu after going through kernel_fpu_begin()/_end(). Note: all kernel tasks exposed in /proc have a valid task->fpu.
Solution
One option is to silence the warning and check for NULL from x86_task_fpu(). However, that warning is fairly fresh and seems like a defense against misuse of the FPU state in kernel threads.
Instead, stop outputting AVX-512_elapsed_ms for kernel threads altogether. The data was garbage anyway because avx512_timestamp is only updated for user threads, not kernel threads.
If anyone ever wants to track kernel thread AVX-512 use, they can come back later and do it properly, separate from this bug fix.
[ dhansen: mostly rewrite changelog ]
{
"affected": [],
"aliases": [
"CVE-2025-38689"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:37Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Fix NULL dereference in avx512_status()\n\nProblem\n-------\nWith CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status\ncauses a warning and a NULL pointer dereference.\n\nThis is because the AVX-512 timestamp code uses x86_task_fpu() but\ndoesn\u0027t check it for NULL. CONFIG_X86_DEBUG_FPU addles that function\nfor kernel threads (PF_KTHREAD specifically), making it return NULL.\n\nThe point of the warning was to ensure that kernel threads only access\ntask-\u003efpu after going through kernel_fpu_begin()/_end(). Note: all\nkernel tasks exposed in /proc have a valid task-\u003efpu.\n\nSolution\n--------\nOne option is to silence the warning and check for NULL from\nx86_task_fpu(). However, that warning is fairly fresh and seems like a\ndefense against misuse of the FPU state in kernel threads.\n\nInstead, stop outputting AVX-512_elapsed_ms for kernel threads\naltogether. The data was garbage anyway because avx512_timestamp is\nonly updated for user threads, not kernel threads.\n\nIf anyone ever wants to track kernel thread AVX-512 use, they can come\nback later and do it properly, separate from this bug fix.\n\n[ dhansen: mostly rewrite changelog ]",
"id": "GHSA-2j25-8cwq-vgvc",
"modified": "2025-09-05T18:31:15Z",
"published": "2025-09-05T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38689"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ca887e81095b99d890a8878841f36f4920181e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/31cd31c9e17ece125aad27259501a2af69ccb020"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.