{
  "public_date" : "2025-09-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO",
    "id" : "2393199",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2393199"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nMIPS: Don't crash in stack_top() for tasks without ABI or vDSO\nNot all tasks have an ABI associated or vDSO mapped,\nfor example kthreads never do.\nIf such a task ever ends up calling stack_top(), it will derefence the\nNULL ABI pointer and crash.\nThis can for example happen when using kunit:\nmips_stack_top+0x28/0xc0\narch_pick_mmap_layout+0x190/0x220\nkunit_vm_mmap_init+0xf8/0x138\n__kunit_add_resource+0x40/0xa8\nkunit_vm_mmap+0x88/0xd8\nusercopy_test_init+0xb8/0x240\nkunit_try_run_case+0x5c/0x1a8\nkunit_generic_run_threadfn_adapter+0x28/0x50\nkthread+0x118/0x240\nret_from_kernel_thread+0x14/0x1c\nOnly dereference the ABI point if it is set.\nThe GIC page is also included as it is specific to the vDSO.\nAlso move the randomization adjustment into the same conditional." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38696\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38696\nhttps://lore.kernel.org/linux-cve-announce/2025090451-CVE-2025-38696-4ec2@gregkh/T" ],
  "name" : "CVE-2025-38696",
  "csaw" : false
}