RHEL-9.6: CVE-2025-37750 Kernel panic during a CIFS mount
Issue
- What is CVE-2025-37750?
- Kernel panic with logs:
[130462.394364] CIFS: enabling forceuid mount option implicitly because uid= option is specified
[130462.394367] CIFS: enabling forcegid mount option implicitly because gid= option is specified
[130462.394369] CIFS: Attempting to mount //abc.de.fg.hi.COM/jk-lm-no-01
[130462.443127] CIFS: VFS: \\abc.de.fg.hi.COM failed to connect to IPC (rc=-115)
[130462.443150] CIFS: VFS: session 00000000bf0f68bc has no tcon available for a dfs referral request
[130462.443158] BUG: kernel NULL pointer dereference, address: 0000000000000000
[130462.443160] #PF: supervisor instruction fetch in kernel mode
[130462.443161] #PF: error_code(0x0010) - not-present page
[130462.443162] PGD 0
[130462.443163] Oops: 0010 [#1] PREEMPT SMP NOPTI
[130462.443164] CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Not tainted 5.14.0-570.21.1.el9_6.x86_64 #1
[130462.443166] Hardware name: Supermicro SYS-121C-TN10R/X13DDW-A, BIOS 2.4 09/23/2024
[130462.443171] CIFS: VFS: cifs_mount failed w/return code = -115
[130462.443166] RIP: 0010:0x0
[130462.443179] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[130462.443180] RSP: 0018:ff613bedc00fced0 EFLAGS: 00010246
[130462.443181] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffffc0abbca0
[130462.443182] RDX: ff487ee90b0abdc0 RSI: ff487f098d0b89a8 RDI: ff487ee9b9647400
[130462.443182] RBP: 0000000000000000 R08: 0000000000000001 R09: fc837170679e04d7
[130462.443183] R10: ffffffff8b2060c0 R11: ff613bedc00f0001 R12: ff487ee90c9aa060
[130462.443183] R13: ff487ee90b0abdc0 R14: ff487ee9b9647400 R15: 0000000000000002
[130462.443184] FS: 0000000000000000(0000) GS:ff487f07ff840000(0000) knlGS:0000000000000000
[130462.443185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[130462.443186] CR2: ffffffffffffffd6 CR3: 00000011f7810002 CR4: 0000000000773ef0
[130462.443187] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[130462.443187] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[130462.443188] PKRU: 55555554
[130462.443188] Call Trace:
[130462.443189] <IRQ>
[130462.443194] ? show_trace_log_lvl+0x1c4/0x2df
[130462.443200] ? show_trace_log_lvl+0x1c4/0x2df
[130462.443206] ? qat_alg_callback+0x1a/0x30 [intel_qat]
[130462.443233] ? __die_body.cold+0x8/0xd
[130462.443235] ? page_fault_oops+0x134/0x170
[130462.443241] ? exc_page_fault+0x62/0x150
[130462.443246] ? asm_exc_page_fault+0x22/0x30
[130462.443250] ? __pfx_qat_alg_callback+0x10/0x10 [intel_qat]
[130462.443266] qat_alg_callback+0x1a/0x30 [intel_qat]
[130462.443278] adf_ring_response_handler+0xb6/0x170 [intel_qat]
[130462.443293] adf_response_handler+0x17/0x40 [intel_qat]
[130462.443306] tasklet_action_common.constprop.0+0x117/0x120
[130462.443311] handle_softirqs+0xce/0x270
[130462.443315] __irq_exit_rcu+0xa3/0xc0
[130462.443317] common_interrupt+0x80/0xa0
[130462.443320] </IRQ>
[130462.443320] <TASK>
[130462.443321] asm_common_interrupt+0x22/0x40
[130462.443322] RIP: 0010:cpuidle_enter_state+0xbc/0x420
[130462.443324] Code: e6 01 00 00 e8 75 32 46 ff e8 90 ed ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 91 fc 44 ff 45 84 ff 0f 85 3f 01 00 00 fb 45 85 f6 <0f> 88 a0 01 00 00 49 63 d6 4c 2b 2c 24 48 8d 04 52 48 8d 04 82 49
[130462.443325] RSP: 0018:ff613bedc057be80 EFLAGS: 00000206
[130462.443326] RAX: ff487f07ff8738c0 RBX: 0000000000000003 RCX: 000000000000001f
[130462.443326] RDX: 0000000000000000 RSI: 0000000040000000 RDI: 0000000000000000
[130462.443327] RBP: ff487f07ff87f3f8 R08: 000076a7a794a48e R09: 0000000000000007
[130462.443328] R10: 0000000000000006 R11: ff487f07ff871b24 R12: ffffffff8b6d0a80
[130462.443328] R13: 000076a7a794a48e R14: 0000000000000003 R15: 0000000000000000
[130462.443335] cpuidle_enter+0x29/0x40
[130462.443339] cpuidle_idle_call+0xfa/0x160
[130462.443343] do_idle+0x7b/0xe0
[130462.443344] cpu_startup_entry+0x26/0x30
[130462.443346] start_secondary+0x115/0x140
[130462.443349] secondary_startup_64_no_verify+0x187/0x18b
[130462.443356] </TASK>
[130462.443357] Modules linked in: loop binfmt_misc nfsv3 nfs_acl nfs lockd grace fscache netfs nls_utf8 cifs cifs_arc4 rdma_cm iw_cm ib_cm ib_core cifs_md4 dns_resolver bonding tls vfat fat ipmi_ssif intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common intel_ifs i10nm_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm rapl intel_cstate pmt_telemetry iTCO_wdt iTCO_vendor_support pmt_class intel_sdsi ses enclosure mei_me isst_if_mmio isst_if_mbox_pci pcspkr scsi_transport_sas intel_uncore mei isst_if_common intel_vsec i2c_i801 i2c_ismt i2c_smbus acpi_power_meter ipmi_si acpi_ipmi ipmi_devintf ipmi_msghandler acpi_pad joydev pfr_update pfr_telemetry auth_rpcgss sunrpc xfs libcrc32c dm_crypt sd_mod sg ast i2c_algo_bit drm_shmem_helper drm_kms_helper ahci iaa_crypto qat_4xxx libahci drm ixgbe crct10dif_pclmul intel_qat crc32_pclmul crc32c_intel libata megaraid_sas idxd ghash_clmulni_intel rfkill mdio idxd_bus crc8 dca wmi pinctrl_emmitsburg rndis_host cdc_ether
[130462.443396] usbnet mii dm_mirror dm_region_hash dm_log dm_mod fuse
[130462.443399] CR2: 0000000000000000
Environment
- Red Hat Enterprise Linux 9.6
- kernel-5.14.0-570.21.1.el9_6 or a prior version in RHEL-9.6.