CVE-2025-38067 The advisory has been revoked - it doesn't affect any version of package kernel (opens in a new tab)
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-AMZN2023-KERNEL-11482588
- published5 Aug 2025
- disclosed18 Jun 2025
Introduced: 18 Jun 2025
CVE-2025-38067 (opens in a new tab)Amendment
The Amazon-Linux security team deemed this advisory irrelevant for Amazon-Linux:2023.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel package and not the kernel package as distributed by Amazon-Linux.
In the Linux kernel, the following vulnerability has been resolved:
rseq: Fix segfault on registration when rseq_cs is non-zero
The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on return to user-space if the value stored in the rseq_cs field doesn't point to a valid struct rseq_cs.
The correct solution to this would be to fail the rseq registration when the rseq_cs field is non-zero. However, some older versions of glibc will reuse the rseq area of previous threads without clearing the rseq_cs field and will also terminate the process if the rseq registration fails in a secondary thread. This wasn't caught in testing because in this case the leftover rseq_cs does point to a valid struct rseq_cs.
What we can do is clear the rseq_cs field on registration when it's non-zero which will prevent segfaults on registration and won't break the glibc versions that reuse rseq areas on thread creation.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38067
- https://git.kernel.org/stable/c/2df285dab00fa03a3ef939b6cb0d0d0aeb0791db
- https://git.kernel.org/stable/c/fd881d0a085fc54354414aed990ccf05f282ba53
- https://git.kernel.org/stable/c/3e4028ef31b69286c9d4878cee0330235f53f218
- https://git.kernel.org/stable/c/48900d839a3454050fd5822e34be8d54c4ec9b86
- https://git.kernel.org/stable/c/b2b05d0dc2f4f0646922068af435aed5763d16ba
- https://git.kernel.org/stable/c/eaf112069a904b6207b4106ff083e0208232a2eb
- https://git.kernel.org/stable/c/f004f58d18a2d3dc761cf973ad27b4a5997bd876