CVE-2025-38704

In the preparation stage of CPU online, if the corresponding the rdp's->nocbcbkthread does not exist, will be created, there is a situation where the rdp's rcuop kthreads creation fails, and then de-offload this CPU's rdp, does not assign this CPU's rdp->nocbcbkthread pointer, but this rdp's->nocbgprdp and rdp's->rdpgp->nocbgp_kthread is still valid.

This will cause the subsequent re-offload operation of this offline CPU, which will pass the conditional check and the kthreadunpark() will access invalid rdp's->nocbcb_kthread pointer.

This commit therefore use rdp's->nocbgpkthread instead of rdpgp's->nocbgp_kthread for safety check.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38704.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3a5761dc025da47960755ac64d9fbf1c32e8cd80

Fixed

b097ae798298885695c339d390b48b4e39619fa7

Fixed

3da45ec1e485a1a5ad31fe9ddd467c7ee5ae4ef9

Fixed

cce3d027227c69e85896af9fbc6fa9af5c68f067

Fixed

1c951683a720b17c9ecaad1932bc95b29044611f

Fixed

9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d

Fixed

1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38704.json"