Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Linux kernel's handling of AVX-512 status for kernel threads. This issue arises when CONFIG_X86_DEBUG_FPU is enabled, as the AVX-512 timestamp code fails to properly check for NULL values before accessing the FPU state of kernel threads. The vulnerability is present in the stable versions of the Linux kernel.
Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.
To reproduce this vulnerability, enable CONFIG_X86_DEBUG_FPU and read the AVX-512 arch status from a kernel thread. This will trigger a warning and a NULL pointer dereference, as the AVX-512 timestamp is not properly managed for kernel threads under the debug FPU configuration.
The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to apply the fix.
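To check whether a host meets the precondition described above (a kernel built with CONFIG_X86_DEBUG_FPU), the following added example reads the kernel build configuration; it is not part of the original advisory. The config file locations are the common distribution paths, and the optional root-prefix argument is a hypothetical convenience for inspecting a mounted image.

```shell
#!/bin/sh
# Added example, not part of the advisory: checks the build-time precondition
# the text names (CONFIG_X86_DEBUG_FPU enabled). It does not touch FPU state.

# Print enabled / disabled / unknown for CONFIG_X86_DEBUG_FPU in config file $1.
debug_fpu_state() {
    cfg=$1
    if [ ! -r "$cfg" ]; then echo unknown; return 0; fi
    case $cfg in
        *.gz) reader='gzip -dc' ;;   # /proc/config.gz is gzip-compressed
        *)    reader='cat' ;;
    esac
    # Match "CONFIG_X86_DEBUG_FPU=y" and "# CONFIG_X86_DEBUG_FPU is not set",
    # but not longer symbol names sharing the prefix; the last entry wins.
    line=$($reader "$cfg" 2>/dev/null |
           grep -E '^(# )?CONFIG_X86_DEBUG_FPU[= ]' | tail -n 1)
    case $line in
        CONFIG_X86_DEBUG_FPU=y) echo enabled ;;
        *) echo disabled ;;          # "is not set", or symbol absent
    esac
}

# Print the first readable config for kernel release $1 (default: running
# kernel). $2 is an optional root prefix (assumption: hypothetical helper
# argument for checking a mounted image instead of the live system).
find_kernel_config() {
    rel=${1:-$(uname -r)}
    root=${2:-}
    for f in "$root/proc/config.gz" "$root/boot/config-$rel" \
             "$root/lib/modules/$rel/config"; do
        if [ -r "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# One-line verdict for the selected kernel.
report_exposure() {
    cfg=$(find_kernel_config "$@") || { echo "unknown: no kernel config found"; return 0; }
    case $(debug_fpu_state "$cfg") in
        enabled)  echo "precondition met: CONFIG_X86_DEBUG_FPU=y in $cfg; apply the stable-tree fix" ;;
        disabled) echo "precondition not met: CONFIG_X86_DEBUG_FPU not enabled in $cfg" ;;
        *)        echo "unknown: could not read $cfg" ;;
    esac
}

report_exposure
```

A "precondition met" result only means the kernel was built with the debug option; whether the fix is already applied depends on the installed kernel version.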