CVE-2025-22033

{"id": "CVE-2025-22033", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-16T15:15:55.923", "references": [{"url": "https://git.kernel.org/stable/c/2df8ee605eb6806cd41c2095306db05206633a08", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/617a4b0084a547917669fef2b54253cc9c064990", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c28f31deeacda307acfee2f18c0ad904e5123aac", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cf187601053ecaf671ae645edb898901f81d03e9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ecf798573bbe0805803f7764e12a34b4bcc65074", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa2a9f625f185c6acb4ee5be8d71359a567afac9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Don't call NULL in do_compat_alignment_fixup()\n\ndo_alignment_t32_to_handler() only fixes up alignment faults for\nspecific instructions; it returns NULL otherwise (e.g. LDREX). When\nthat's the case, signal to the caller that it needs to proceed with the\nregular alignment fault handling (i.e. SIGBUS). Without this patch, the\nkernel panics:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Mem abort info:\n ESR = 0x0000000086000006\n EC = 0x21: IABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000\n [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000\n Internal error: Oops: 0000000086000006 [#1] SMP\n Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa>\n libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c>\n CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1 Debian 6.1.128-1\n Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : 0x0\n lr : do_compat_alignment_fixup+0xd8/0x3dc\n sp : ffff80000f973dd0\n x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001\n x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000\n x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001\n Call trace:\n 0x0\n do_alignment_fault+0x40/0x50\n do_mem_abort+0x4c/0xa0\n el0_da+0x48/0xf0\n el0t_32_sync_handler+0x110/0x140\n el0t_32_sync+0x190/0x194\n Code: bad PC value\n ---[ end trace 0000000000000000 ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: No llamar a NULL en do_compat_alignment_fixup(). do_alignment_t32_to_handler() solo corrige errores de alineaci\u00f3n para instrucciones espec\u00edficas; devuelve NULL en caso contrario (por ejemplo, LDREX). En ese caso, se indica al emisor que debe continuar con la gesti\u00f3n normal de errores de alineaci\u00f3n (por ejemplo, SIGBUS). Sin este parche, el kernel entra en p\u00e1nico: No se puede gestionar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000086000006 EC = 0x21: IABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: error de traducci\u00f3n de nivel 2 usuario pgtable: 4k p\u00e1ginas, VAs de 48 bits, pgdp=00000800164aa000 [000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000 Error interno: Ups: 0000000086000006 [#1] M\u00f3dulos SMP vinculados en: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa> libcrc32c crc32c_generic raid0 multipath lineal dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c> CPU: 2 PID: 3932954 Comm: WPEWebProcess No contaminado 6.1.0-31-arm64 #1 Debian 6.1.128-1 Nombre del hardware: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr: corregir la alineaci\u00f3n de compatibilidad+0xd8/0x3dc sp: ffff80000f973dd0 x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001 x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 000000000000000 x9: ffffaebc949bc488 x8: 000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 00000000000400000 x4 : 0000ffffffffffffe x3 : 0000000000000000 x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001 Rastreo de llamadas: 0x0 do_alignment_fault+0x40/0x50 do_mem_abort+0x4c/0xa0 el0_da+0x48/0xf0 el0t_32_sync_handler+0x110/0x140 el0t_32_sync+0x190/0x194 C\u00f3digo: valor de PC incorrecto ---[ fin de seguimiento 0000000000000000 ]---"}], "lastModified": "2025-04-29T18:57:42.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10FAA32F-8D33-4A36-8482-01961DD84A84", "versionEndExcluding": "6.1.134", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B", "versionEndExcluding": "6.6.87", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26CAB76D-F00F-43CE-BEAD-7097F8FB1D6C", "versionEndExcluding": "6.12.23", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3", "versionEndExcluding": "6.13.11", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.14"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}