Linux Kernel Uninitialized Memory Nodes Vulnerability Causes Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's handling of memory-only NUMA nodes (nodes without CPUs) can lead to a kernel panic during boot. The issue arises because these memory-only nodes are not properly initialized. When the kernel's memory management system attempts to access data for these uninitialized nodes, a NULL pointer dereference occurs, causing the panic. This vulnerability can be reproduced on ARM64 QEMU with a specific configuration of CPU and memory nodes.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing the system to become unresponsive and fail to boot properly.

Reproduction

The vulnerability can be reproduced on an ARM64 QEMU virtual machine with 1 CPU and 2 memory nodes. The QEMU command should include options to specify the CPU, memory size, machine type, and NUMA node configuration. The kernel image and disk must also be specified.
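
The following is an added example, not part of the original advisory or the kernel project's code: a shell check that lists NUMA nodes with memory but no CPUs, the topology described above, so hosts can be inventoried before a kernel rollout. It assumes the standard Linux sysfs layout (`nodeN/cpulist` and `nodeN/meminfo` under `/sys/devices/system/node`); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report NUMA nodes that have memory but no CPUs.

# memory_only_nodes [ROOT]
# Prints the id of every node under ROOT (default: the live sysfs tree)
# whose cpulist is empty and whose MemTotal is greater than zero.
memory_only_nodes() {
    root=${1:-/sys/devices/system/node}
    for dir in "$root"/node[0-9]*; do
        [ -d "$dir" ] || continue
        [ -r "$dir/cpulist" ] && [ -r "$dir/meminfo" ] || continue
        id=${dir##*/node}
        # cpulist holds only a newline when no CPUs belong to the node.
        cpus=$(tr -d '[:space:]' < "$dir/cpulist")
        # meminfo lines look like: "Node 1 MemTotal:  2097152 kB"
        mem_kb=$(awk '$3 == "MemTotal:" { print $4 }' "$dir/meminfo")
        if [ -z "$cpus" ] && [ "${mem_kb:-0}" -gt 0 ]; then
            echo "$id"
        fi
    done
}

# make_sample_tree DIR
# Constructed sample mirroring the reproduction setup (1 CPU, 2 memory
# nodes): node0 has CPU 0 and memory, node1 has memory only. node2 is an
# extra edge case with neither CPUs nor memory and must not be reported.
make_sample_tree() {
    mkdir -p "$1/node0" "$1/node1" "$1/node2"
    echo "0" > "$1/node0/cpulist"
    echo ""  > "$1/node1/cpulist"
    echo ""  > "$1/node2/cpulist"
    echo "Node 0 MemTotal:       2097152 kB" > "$1/node0/meminfo"
    echo "Node 1 MemTotal:       2097152 kB" > "$1/node1/meminfo"
    echo "Node 2 MemTotal:             0 kB" > "$1/node2/meminfo"
}

# Demo on the constructed tree; call memory_only_nodes with no argument
# to inspect the running system instead.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "memory-only nodes in sample: $(memory_only_nodes "$demo_dir")"
```

A non-empty result on a real host means its topology matches the configuration this advisory describes, so the kernel version on that host should be checked against the fix.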

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Oct 1, 2025, 8:41 AM
Updated: Oct 1, 2025, 8:41 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.