CVE - CVE-2025-38263

CVE-ID
CVE-2025-38263	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of register_cache_set(). 3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098. 1794 struct cache_set bch_cache_set_alloc(struct cache_sb sb) 1795 { ... 1860 if (!(c->devices = kcalloc(c->nr_uuids, sizeof(void ), GFP_KERNEL)) \|\| 1861 mempool_init_slab_pool(&c->search, 32, bch_search_cache) \|\| 1862 mempool_init_kmalloc_pool(&c->bio_meta, 2, 1863 sizeof(struct bbio) + sizeof(struct bio_vec) 1864 bucket_pages(c)) \|\| 1865 mempool_init_kmalloc_pool(&c->fill_iter, 1, iter_size) \|\| 1866 bioset_init(&c->bio_split, 4, offsetof(struct bbio, bio), 1867 BIOSET_NEED_BVECS\|BIOSET_NEED_RESCUER) \|\| 1868 !(c->uuids = alloc_bucket_pages(GFP_KERNEL, c)) \|\| 1869 !(c->moving_gc_wq = alloc_workqueue("bcache_gc", 1870 WQ_MEM_RECLAIM, 0)) \|\| 1871 bch_journal_alloc(c) \|\| 1872 bch_btree_cache_alloc(c) \|\| 1873 bch_open_buckets_alloc(c) \|\| 1874 bch_bset_sort_state_init(&c->sort, ilog2(c->btree_pages))) 1875 goto err; ^^^^^^^^ 1876 ... 1883 return c; 1884 err: 1885 bch_cache_set_unregister(c); ^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1886 return NULL; 1887 } ... 2078 static const char register_cache_set(struct cache ca) 2079 { ... 2098 c = bch_cache_set_alloc(&ca->sb); 2099 if (!c) 2100 return err; ^^^^^^^^^^ ... 2128 ca->set = c; 2129 ca->set->cache[ca->sb.nr_this_dev] = ca; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ... 2138 return NULL; 2139 err: 2140 bch_cache_set_unregister(c); 2141 return err; 2142 } (1) If LINE#1860 - LINE#1874 is true, then do 'goto err'(LINE#1875) and call bch_cache_set_unregister()(LINE#1885). (2) As (1) return NULL(LINE#1886), LINE#2098 - LINE#2100 would return. (3) As (2) has returned, LINE#2128 - LINE#2129 would do not give the value to c->cache[], it means that c->cache[] is NULL. LINE#1624 - LINE#1665 is some codes about function of cache_set_flush(). As (1), in LINE#1885 call bch_cache_set_unregister() ---> bch_cache_set_stop() ---> closure_queue() -.-> cache_set_flush() (as below LINE#1624) 1624 static void cache_set_flush(struct closure *cl) 1625 { ... 1654 for_each_cache(ca, c, i) 1655 if (ca->alloc_thread) ^^ 1656 kthread_stop(ca->alloc_thread); ... 1665 } (4) In LINE#1655 ca is NULL(see (3)) in cache_set_flush() then the kernel crash occurred as below: [ 846.712887] bcache: register_cache() error drbd6: cannot allocate memory [ 846.713242] bcache: register_bcache() error : failed to register device [ 846.713336] bcache: cache_set_free() Cache set 2f84bdc1-498a-4f2f-98a7-01946bf54287 unregistered [ 846.713768] BUG: unable to handle kernel NULL pointer dereference at 00000000000009f8 [ 846.714790] PGD 0 P4D 0 [ 846.715129] Oops: 0000 [#1] SMP PTI [ 846.715472] CPU: 19 PID: 5057 Comm: kworker/19:16 Kdump: loaded Tainted: G OE --------- - - 4.18.0-147.5.1.el8_1.5es.3.x86_64 #1 [ 846.716082] Hardware name: ESPAN GI-25212/X11DPL-i, BIOS 2.1 06/15/2018 [ 846.716451] Workqueue: events cache_set_flush [bcache] [ 846.716808] RIP: 0010:cache_set_flush+0xc9/0x1b0 [bcache] [ 846.717155] Code: 00 4c 89 a5 b0 03 00 00 48 8b 85 68 f6 ff ff a8 08 0f 84 88 00 00 00 31 db 66 83 bd 3c f7 ff ff 00 48 8b 85 48 ff ff ff 74 28 <48> 8b b8 f8 09 00 0 ---truncated---
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1e46ed947ec658f89f1a910d880cd05e42d3763e URL:https://git.kernel.org/stable/c/1e46ed947ec658f89f1a910d880cd05e42d3763e MISC:https://git.kernel.org/stable/c/1f25f2d3fa29325320c19a30abf787e0bd5fc91b URL:https://git.kernel.org/stable/c/1f25f2d3fa29325320c19a30abf787e0bd5fc91b MISC:https://git.kernel.org/stable/c/3f9e128186c99a117e304f1dce6d0b9e50c63cd8 URL:https://git.kernel.org/stable/c/3f9e128186c99a117e304f1dce6d0b9e50c63cd8 MISC:https://git.kernel.org/stable/c/553f560e0a74a7008ad9dba05c3fd05da296befb URL:https://git.kernel.org/stable/c/553f560e0a74a7008ad9dba05c3fd05da296befb MISC:https://git.kernel.org/stable/c/667c3f52373ff5354cb3543e27237eb7df7b2333 URL:https://git.kernel.org/stable/c/667c3f52373ff5354cb3543e27237eb7df7b2333 MISC:https://git.kernel.org/stable/c/c4f5e7e417034b05f5d2f5fa9a872db897da69bd URL:https://git.kernel.org/stable/c/c4f5e7e417034b05f5d2f5fa9a872db897da69bd
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)