CVE-2025-22033

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22033
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22033.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22033
Downstream
Related
Published
2025-04-16T14:11:52Z
Modified
2025-10-17T23:37:24.136339Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
arm64: Don't call NULL in do_compat_alignment_fixup()
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: Don't call NULL in docompatalignment_fixup()

doalignmentt32tohandler() only fixes up alignment faults for specific instructions; it returns NULL otherwise (e.g. LDREX). When that's the case, signal to the caller that it needs to proceed with the regular alignment fault handling (i.e. SIGBUS). Without this patch, the kernel panics:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000006 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000 [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000 Internal error: Oops: 0000000086000006 [#1] SMP Modules linked in: cfg80211 rfkill xtnat xttcpudp xtconntrack nftchainnat xtMASQUERADE nfnat nfconntracknetlink nfconntrack nfdefragipv6 nfdefragipv4 xfrmuser xfrmalgo xtaddrtype nftcompat brnetfilter veth nvmefa> libcrc32c crc32cgeneric raid0 multipath linear dmmod dax raid1 mdmod xhcipci nvme xhcihcd nvmecore t10pi usbcore igb crc64rocksoft crc64 crct10dif crct10difgeneric crct10difce crct10difcommon usbcommon i2calgobit i2c> CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1 Debian 6.1.128-1 Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : docompatalignmentfixup+0xd8/0x3dc sp : ffff80000f973dd0 x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001 x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000 x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001 Call trace: 0x0 doalignmentfault+0x40/0x50 domemabort+0x4c/0xa0 el0da+0x48/0xf0 el0t32synchandler+0x110/0x140 el0t32sync+0x190/0x194 Code: bad PC value ---[ end trace 0000000000000000 ]---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
Fixed
cf187601053ecaf671ae645edb898901f81d03e9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
Fixed
617a4b0084a547917669fef2b54253cc9c064990
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
Fixed
2df8ee605eb6806cd41c2095306db05206633a08
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
Fixed
fa2a9f625f185c6acb4ee5be8d71359a567afac9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
Fixed
ecf798573bbe0805803f7764e12a34b4bcc65074
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
Fixed
c28f31deeacda307acfee2f18c0ad904e5123aac

Affected versions

v6.*

v6.0
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.11
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.116
v6.1.117
v6.1.118
v6.1.119
v6.1.12
v6.1.120
v6.1.121
v6.1.122
v6.1.123
v6.1.124
v6.1.125
v6.1.126
v6.1.127
v6.1.128
v6.1.129
v6.1.13
v6.1.130
v6.1.131
v6.1.132
v6.1.133
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "244593731416052810457808977211382732922",
            "length": 1402.0
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c",
            "function": "do_compat_alignment_fixup"
        },
        "id": "CVE-2025-22033-2c3a14af",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2df8ee605eb6806cd41c2095306db05206633a08",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "244593731416052810457808977211382732922",
            "length": 1402.0
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c",
            "function": "do_compat_alignment_fixup"
        },
        "id": "CVE-2025-22033-32bb90e4",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ecf798573bbe0805803f7764e12a34b4bcc65074",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37777805664014999502820810859014801403",
                "33109629880746511912110209861456282661",
                "184104700681382827749257751127315790421"
            ]
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c"
        },
        "id": "CVE-2025-22033-448136fe",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@617a4b0084a547917669fef2b54253cc9c064990",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37777805664014999502820810859014801403",
                "33109629880746511912110209861456282661",
                "184104700681382827749257751127315790421"
            ]
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c"
        },
        "id": "CVE-2025-22033-51adee44",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2df8ee605eb6806cd41c2095306db05206633a08",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37777805664014999502820810859014801403",
                "33109629880746511912110209861456282661",
                "184104700681382827749257751127315790421"
            ]
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c"
        },
        "id": "CVE-2025-22033-5c48e676",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c28f31deeacda307acfee2f18c0ad904e5123aac",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "244593731416052810457808977211382732922",
            "length": 1402.0
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c",
            "function": "do_compat_alignment_fixup"
        },
        "id": "CVE-2025-22033-66ade11d",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf187601053ecaf671ae645edb898901f81d03e9",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37777805664014999502820810859014801403",
                "33109629880746511912110209861456282661",
                "184104700681382827749257751127315790421"
            ]
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c"
        },
        "id": "CVE-2025-22033-89d296a4",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa2a9f625f185c6acb4ee5be8d71359a567afac9",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "244593731416052810457808977211382732922",
            "length": 1402.0
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c",
            "function": "do_compat_alignment_fixup"
        },
        "id": "CVE-2025-22033-be3b231b",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c28f31deeacda307acfee2f18c0ad904e5123aac",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "244593731416052810457808977211382732922",
            "length": 1402.0
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c",
            "function": "do_compat_alignment_fixup"
        },
        "id": "CVE-2025-22033-d2f21fe1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@617a4b0084a547917669fef2b54253cc9c064990",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "244593731416052810457808977211382732922",
            "length": 1402.0
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c",
            "function": "do_compat_alignment_fixup"
        },
        "id": "CVE-2025-22033-de60da27",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa2a9f625f185c6acb4ee5be8d71359a567afac9",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37777805664014999502820810859014801403",
                "33109629880746511912110209861456282661",
                "184104700681382827749257751127315790421"
            ]
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c"
        },
        "id": "CVE-2025-22033-e436c41d",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf187601053ecaf671ae645edb898901f81d03e9",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37777805664014999502820810859014801403",
                "33109629880746511912110209861456282661",
                "184104700681382827749257751127315790421"
            ]
        },
        "target": {
            "file": "arch/arm64/kernel/compat_alignment.c"
        },
        "id": "CVE-2025-22033-e4eefc94",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ecf798573bbe0805803f7764e12a34b4bcc65074",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.134
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.87
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2