{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38704","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.032Z","datePublished":"2025-09-04T15:32:55.718Z","dateUpdated":"2026-05-11T21:33:22.349Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:33:22.349Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access\n\nIn the preparation stage of CPU online, if the corresponding\nthe rdp's->nocb_cb_kthread does not exist, will be created,\nthere is a situation where the rdp's rcuop kthreads creation fails,\nand then de-offload this CPU's rdp, does not assign this CPU's\nrdp->nocb_cb_kthread pointer, but this rdp's->nocb_gp_rdp and\nrdp's->rdp_gp->nocb_gp_kthread is still valid.\n\nThis will cause the subsequent re-offload operation of this offline\nCPU, which will pass the conditional check and the kthread_unpark()\nwill access invalid rdp's->nocb_cb_kthread pointer.\n\nThis commit therefore use rdp's->nocb_gp_kthread instead of\nrdp_gp's->nocb_gp_kthread for safety check."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/rcu/tree_nocb.h"],"versions":[{"version":"3a5761dc025da47960755ac64d9fbf1c32e8cd80","lessThan":"b097ae798298885695c339d390b48b4e39619fa7","status":"affected","versionType":"git"},{"version":"3a5761dc025da47960755ac64d9fbf1c32e8cd80","lessThan":"3da45ec1e485a1a5ad31fe9ddd467c7ee5ae4ef9","status":"affected","versionType":"git"},{"version":"3a5761dc025da47960755ac64d9fbf1c32e8cd80","lessThan":"cce3d027227c69e85896af9fbc6fa9af5c68f067","status":"affected","versionType":"git"},{"version":"3a5761dc025da47960755ac64d9fbf1c32e8cd80","lessThan":"1c951683a720b17c9ecaad1932bc95b29044611f","status":"affected","versionType":"git"},{"version":"3a5761dc025da47960755ac64d9fbf1c32e8cd80","lessThan":"9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d","status":"affected","versionType":"git"},{"version":"3a5761dc025da47960755ac64d9fbf1c32e8cd80","lessThan":"1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/rcu/tree_nocb.h"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.43","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.11","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.2","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.12.43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.15.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.16.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b097ae798298885695c339d390b48b4e39619fa7"},{"url":"https://git.kernel.org/stable/c/3da45ec1e485a1a5ad31fe9ddd467c7ee5ae4ef9"},{"url":"https://git.kernel.org/stable/c/cce3d027227c69e85896af9fbc6fa9af5c68f067"},{"url":"https://git.kernel.org/stable/c/1c951683a720b17c9ecaad1932bc95b29044611f"},{"url":"https://git.kernel.org/stable/c/9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d"},{"url":"https://git.kernel.org/stable/c/1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1"}],"title":"rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access","x_generator":{"engine":"bippy-1.2.0"}}}}