#VU111557 NULL pointer dereference in Linux kernel - CVE-2025-38034


Vulnerability identifier: #VU111557

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38034

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0528bba48dce7820d2da72e1a114e1c4552367eb
https://git.kernel.org/stable/c/137bfa08c6441f324d00692d1e9d22cfd773329b
https://git.kernel.org/stable/c/5755b6731655e248c4f1d52a2e1b18795b4a2a3a
https://git.kernel.org/stable/c/7a97f961a568a8f72472dc804af02a0f73152c5f
https://git.kernel.org/stable/c/7f7c8c03feba5f2454792fab3bb8bd45bd6883f9
https://git.kernel.org/stable/c/a641154cedf9d69730f8af5d0a901fe86e6486bd
https://git.kernel.org/stable/c/a876703894a6dd6e8c04b0635d86e9f7a7c81b79
https://git.kernel.org/stable/c/bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP2 update for kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
NULL pointer dereference in Linux kernel trace events