{"id":"AZL-66893","summary":"CVE-2025-38704 affecting package kernel 6.6.126.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix possible invalid rdp's-\u003enocb_cb_kthread pointer access\n\nIn the preparation stage of CPU online, if the corresponding\nthe rdp's-\u003enocb_cb_kthread does not exist, will be created,\nthere is a situation where the rdp's rcuop kthreads creation fails,\nand then de-offload this CPU's rdp, does not assign this CPU's\nrdp-\u003enocb_cb_kthread pointer, but this rdp's-\u003enocb_gp_rdp and\nrdp's-\u003erdp_gp-\u003enocb_gp_kthread is still valid.\n\nThis will cause the subsequent re-offload operation of this offline\nCPU, which will pass the conditional check and the kthread_unpark()\nwill access invalid rdp's-\u003enocb_cb_kthread pointer.\n\nThis commit therefore use rdp's-\u003enocb_gp_kthread instead of\nrdp_gp's-\u003enocb_gp_kthread for safety check.","modified":"2026-04-01T05:21:47.900296Z","published":"2025-09-04T16:15:39Z","upstream":["CVE-2025-38704"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38704"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"6.6.126.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66893.json"}}],"schema_version":"1.7.5"}