Main Vulnerability Database SB20251028102

SB20251028102 - NULL pointer dereference in Linux kernel trace

Published: October 28, 2025

Security Bulletin ID SB20251028102

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-40042)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0fa388ab2c290ef1115ff88ae88e881d0fb2db02
https://git.kernel.org/stable/c/1a301228c0a8aedc3154fb1a274456f487416b96
https://git.kernel.org/stable/c/5ebea6561649d30ec7a18fea23d7f76738dae916
https://git.kernel.org/stable/c/95dd33361061f808d1f68616d69ada639e737cfa
https://git.kernel.org/stable/c/9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f
https://git.kernel.org/stable/c/a6e89ada1ff6b70df73f579071ffa6ade8ae7f98