DEBIAN-CVE-2025-39887

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist() A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm: osnoisecpus Not tainted 6.17.0-rc4-00201-gd69eb204c255 #138 PREEMPT(voluntary) RIP: 0010:bitmapparselist+0x53/0x3e0 Call Trace: <TASK> osnoisecpuswrite+0x7a/0x190 vfswrite+0xf8/0x410 ? dosysopenat2+0x88/0xd0 ksyswrite+0x60/0xd0 dosyscall64+0xa4/0x260 entrySYSCALL64afterhwframe+0x77/0x7f </TASK> This issue can be reproduced by below code: fd=open("/sys/kernel/debug/tracing/osnoise/cpus", OWRONLY); write(fd, "0-2", 0); When user pass 'count=0' to osnoisecpuswrite(), kmalloc() will return ZEROSIZEPTR (16) and cpulist_parse() treat it as a normal value, which trigger the null pointer dereference. Add check for the parameter 'count'.