CVE-2025-38689
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Fix NULL dereference in avx512_status()
Problem
With CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status causes a warning and a NULL pointer dereference.
This is because the AVX-512 timestamp code uses x86_task_fpu() but doesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function for kernel threads (PF_KTHREAD specifically), making it return NULL.
The point of the warning was to ensure that kernel threads only access task->fpu after going through kernel_fpu_begin()/_end(). Note: all kernel tasks exposed in /proc have a valid task->fpu.
Solution
One option is to silence the warning and check for NULL from x86_task_fpu(). However, that warning is fairly fresh and seems like a defense against misuse of the FPU state in kernel threads.
Instead, stop outputting AVX-512_elapsed_ms for kernel threads altogether. The data was garbage anyway because avx512_timestamp is only updated for user threads, not kernel threads.
If anyone ever wants to track kernel thread AVX-512 use, they can come back later and do it properly, separate from this bug fix.
[ dhansen: mostly rewrite changelog ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 22aafe3bcb67472effdea1ccf0df20280192bbaf < 2ca887e81095b99d890a8878841f36f4920181e6 | affected |
| Linux | Linux | 22aafe3bcb67472effdea1ccf0df20280192bbaf < 31cd31c9e17ece125aad27259501a2af69ccb020 | affected |
| Linux | Linux | 6.16 | affected |
| Linux | Linux | 0 < 6.16 | unaffected |
| Linux | Linux | 6.16.2 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2ca887e81095b99d890a8878841f36f4920181e6
- https://git.kernel.org/stable/c/31cd31c9e17ece125aad27259501a2af69ccb020
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.