Bug 2393199 (CVE-2025-38696) - CVE-2025-38696 kernel: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Summary: CVE-2025-38696 kernel: MIPS: Don't crash in stack_top() for tasks without ABI...
Keywords:
Status: NEW
Alias: CVE-2025-38696
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-04 16:04 UTC by OSIDB Bzimport
Modified: 2025-09-04 17:27 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-09-04 16:04:36 UTC 
In the Linux kernel, the following vulnerability has been resolved:

MIPS: Don't crash in stack_top() for tasks without ABI or vDSO

Not all tasks have an ABI associated or vDSO mapped,
for example kthreads never do.
If such a task ever ends up calling stack_top(), it will derefence the
NULL ABI pointer and crash.

This can for example happen when using kunit:

    mips_stack_top+0x28/0xc0
    arch_pick_mmap_layout+0x190/0x220
    kunit_vm_mmap_init+0xf8/0x138
    __kunit_add_resource+0x40/0xa8
    kunit_vm_mmap+0x88/0xd8
    usercopy_test_init+0xb8/0x240
    kunit_try_run_case+0x5c/0x1a8
    kunit_generic_run_threadfn_adapter+0x28/0x50
    kthread+0x118/0x240
    ret_from_kernel_thread+0x14/0x1c

Only dereference the ABI point if it is set.

The GIC page is also included as it is specific to the vDSO.
Also move the randomization adjustment into the same conditional.
Comment 1 Jon Moroney 2025-09-04 17:25:19 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38696-4ec2@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.