#VU114822 NULL pointer dereference in Linux kernel - CVE-2025-38696
Published: September 4, 2025
Vulnerability identifier: #VU114822
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38696
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mips_stack_top() function in arch/mips/kernel/process.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/24d098b6f69b0aa806ffcb3e18259bee31650b28
- https://git.kernel.org/stable/c/5b6839b572b503609b9b58bc6c04a816eefa0794
- https://git.kernel.org/stable/c/82d140f6aab5e89a9d3972697a0dbe1498752d9b
- https://git.kernel.org/stable/c/ab18e48a503230d675e824a0d68a108bdff42503
- https://git.kernel.org/stable/c/bd90dbd196831f5c2620736dc221db2634cf1e8e
- https://git.kernel.org/stable/c/cddf47d20b0325dc8a4e57b833fe96e8f36c42a4
- https://git.kernel.org/stable/c/e78033e59444d257d095b73ce5d20625294f6ec2
- https://git.kernel.org/stable/c/e9f4a6b3421e936c3ee9d74710243897d74dbaa2
- https://git.kernel.org/stable/c/f22de2027b206ddfb8a075800bb5d0dacf2da4b8