CVE-2025-38408
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:

genirq/irq_sim: Initialize work context pointers properly

Initialize `ops` member's pointers properly by using kzalloc() instead of kmalloc() when allocating the simulation work context. Otherwise the pointers contain random content leading to invalid dereferencing.
Analysis
A pointer dereference vulnerability (classified as CWE-476, null pointer dereference) exists in the Linux kernel's interrupt simulation subsystem (genirq/irq_sim): pointers in the simulation work context are left uninitialized and are later dereferenced, crashing the kernel (denial of service). The vulnerability affects Linux kernel versions including 6.16-rc1 and 6.16-rc2, and potentially earlier stable releases. A local attacker with low privileges (PR:L) can trigger a kernel crash by invoking the interrupt simulation functionality, causing system unavailability. Patches are available from the Linux kernel stable repositories; exploitation probability is low (EPSS 0.02%, 6th percentile) despite the moderate CVSS score of 5.5.
Technical Context
The vulnerability resides in the generic interrupt request (genirq) simulation framework within the Linux kernel, specifically in the irq_sim subsystem used for testing and simulating interrupt handlers. The root cause is classified under CWE-476 (Null Pointer Dereference) and stems from the code allocating the simulation work context with kmalloc() instead of kzalloc(). kmalloc() returns uninitialized memory containing whatever data the allocator last held, while kzalloc() returns zeroed memory. Because the ops member (which holds function pointers) of this context is never zeroed, a later NULL check on those pointers passes even though no callback was installed, and the code dereferences an invalid pointer: either NULL or, more commonly, a wild pointer. Affected Linux kernel versions span multiple stable branches (CPE cpe:2.3:o:linux:linux_kernel with versions 6.16-rc1, 6.16-rc2, and potentially earlier stable kernels), impacting any system with interrupt simulation capabilities compiled into the kernel.
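The allocation pattern described above, as an added user-space model that is not code from this page or from the Linux tree. The struct and field names (sim_ops, sim_work_ctx, irqset, irqunset) are assumptions chosen to mirror the advisory's wording, and the kmalloc() stand-in fills memory with a constructed 0xA5 pattern so the hazard is deterministic rather than dependent on what the allocator last held. The point it shows: a "call the callback only if it is non-NULL" guard is only as good as the allocation that precedes it, which is exactly why the fix switches to kzalloc().

```c
/* Added example, not code from the CVE page or the Linux tree: a user-space
 * model of the allocation bug behind CVE-2025-38408. Struct and field names
 * are assumptions that mirror the advisory; the real definitions live in the
 * kernel's irq_sim implementation. */
#include <stdlib.h>
#include <string.h>

/* Optional callbacks a simulated irq domain may provide (assumed shape). */
struct sim_ops {
    int (*irqset)(int irq, void *data);
    int (*irqunset)(int irq, void *data);
};

/* The "simulation work context" from the description (assumed layout). */
struct sim_work_ctx {
    int irq_count;
    struct sim_ops ops;   /* the ops member whose pointers were left unset */
    void *user_data;
};

/* Stand-in for kmalloc(): memory whose contents are unspecified. Filled
 * with a constructed 0xA5 pattern here so the hazard is deterministic;
 * real kmalloc() simply returns whatever bytes the slab last held. */
static void *kmalloc_like(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, 0xA5, n);
    return p;
}

/* Allocation as in the unpatched code: only irq_count is initialised, so
 * ops.irqset, ops.irqunset and user_data keep whatever bytes were there. */
struct sim_work_ctx *ctx_alloc_buggy(int irq_count)
{
    struct sim_work_ctx *ctx = kmalloc_like(sizeof(*ctx));
    if (!ctx)
        return NULL;
    ctx->irq_count = irq_count;
    return ctx;
}

/* Allocation as in the fix: calloc() plays the role of kzalloc(), so every
 * pointer in the context starts out NULL. */
struct sim_work_ctx *ctx_alloc_fixed(int irq_count)
{
    struct sim_work_ctx *ctx = calloc(1, sizeof(*ctx));
    if (!ctx)
        return NULL;
    ctx->irq_count = irq_count;
    return ctx;
}

/* 1 when both callbacks are NULL. Only meaningful on zeroed memory: on a
 * kmalloc-style context this reports "set" although nothing was installed. */
int ctx_ops_are_clear(const struct sim_work_ctx *ctx)
{
    return ctx->ops.irqset == NULL && ctx->ops.irqunset == NULL;
}

/* Caller-side guard: invoke the optional callback only when it is set.
 * Returns the callback's result, or 0 when none is installed. A non-zeroed
 * ops member defeats exactly this guard. */
int ctx_call_irqset(const struct sim_work_ctx *ctx, int irq)
{
    if (!ctx->ops.irqset)
        return 0;
    return ctx->ops.irqset(irq, ctx->user_data);
}

/* Demo callback so the "callback installed" path can be exercised. */
static int demo_irqset(int irq, void *data)
{
    (void)data;
    return irq + 1;
}

/* Scenario: does the NULL check see a clean ops member? */
int scenario_ops_clear(int use_fix)
{
    struct sim_work_ctx *ctx = use_fix ? ctx_alloc_fixed(4) : ctx_alloc_buggy(4);
    int clear = ctx ? ctx_ops_are_clear(ctx) : -1;
    free(ctx);
    return clear;   /* buggy: 0 (garbage looks "set"); fixed: 1 */
}

/* Scenario: the guarded call on a zeroed context, with or without ops. */
int scenario_fixed_call(int irq, int install)
{
    struct sim_work_ctx *ctx = ctx_alloc_fixed(4);
    int rc;
    if (!ctx)
        return -1;
    if (install)
        ctx->ops.irqset = demo_irqset;
    rc = ctx_call_irqset(ctx, irq);   /* 0 without ops, irq+1 with them */
    free(ctx);
    return rc;
}
```

The buggy context is never passed to ctx_call_irqset in the scenarios: in the model the 0xA5 bytes would be dereferenced as a function address, which is the crash the advisory describes. The general lesson carries beyond this one subsystem: any struct that carries optional function pointers must be zero-allocated (or every pointer explicitly assigned) before any code is allowed to test those pointers for NULL.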
Affected Products
The Linux kernel is affected across multiple versions and stable branches, specifically including Linux kernel 6.16-rc1 and 6.16-rc2 as confirmed by CPE cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* and cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*. Additionally, broader CPE designations (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*) indicate that earlier stable kernel versions may be vulnerable depending on when the irq_sim initialization bug was introduced. The vulnerability is specific to kernel configurations where interrupt simulation (CONFIG_IRQ_SIM or related) is compiled in, which is common in development kernels and some distribution builds. Stable patches are available from the Linux kernel git repository as referenced in the official NVD patch links.
Remediation
Apply the available kernel patches immediately by updating to a patched stable kernel version. Six commits are available in the Linux kernel stable repositories: commit 186df821de0f34490ed5fc0861243748b2483861, 19bd7597858dd15802c1d99fcc38e528f469080a, 7f73d1def72532bac4d55ea8838f457a6bed955c, 8a2277a3c9e4cc5398f80821afe7ecbe9bdf2819, c71aa4bb528ae6f8fd7577a0a39e5a03c60b04fb, and ec3656a8cb428d763def32bc2fa695f94be23629 (see https://git.kernel.org/stable/ for access). The fix is straightforward: rebuild and deploy a kernel version containing these patches, or selectively backport the genirq/irq_sim initialization fix (changing kmalloc to kzalloc in the work context allocation). For systems that cannot immediately patch, disable interrupt simulation support in the kernel configuration (unset CONFIG_IRQ_SIM) if the functionality is not required, and restrict unprivileged user access to interrupt simulation interfaces via SELinux, AppArmor, or seccomp rules if supported by the distribution.