
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-38696 is a vulnerability discovered in the Linux kernel affecting MIPS architecture systems. The issue was publicly disclosed on September 4, 2025, and involves a crash condition in the stack_top() function when handling tasks without ABI or vDSO mappings (NVD, Ubuntu).
The vulnerability occurs when a task without an associated ABI or virtual dynamic shared object (vDSO) mapping calls the stack_top() function. This particularly affects kernel threads (kthreads), which never have these mappings. When such a task calls stack_top(), the function dereferences a NULL ABI pointer, resulting in a system crash. The issue can be triggered during kunit testing operations through a specific call chain involving mips_stack_top, arch_pick_mmap_layout, and several other kernel functions (NVD).
The vulnerability can cause system crashes when specific kernel operations are performed, particularly affecting systems running kunit tests. This primarily impacts MIPS architecture systems running the Linux kernel (NVD).
The fix involves modifying the code to only dereference the ABI pointer if it is set. Additionally, the GIC page handling has been updated as it is specific to the vDSO, and the randomization adjustment has been moved into the same conditional block (NVD).
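The shape of the fix described above, as an added user-space model (not the kernel's own code, and not taken from the patch). The struct layout, constants, flag bit and the function name stack_top_model are all constructed for illustration; only the guard structure follows the description.

```c
/* User-space model of the guarded calculation; not kernel source.
 * Every name, size and flag value below is constructed for illustration. */
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE      4096UL
#define PAGE_MASK      (~(PAGE_SIZE - 1))
#define PAGE_ALIGN(x)  (((x) + PAGE_SIZE - 1) & PAGE_MASK)
#define TASK_SIZE      0x7fff8000UL           /* constructed address-space top */
#define RANDOMIZE_SIZE (256UL * PAGE_SIZE)    /* constructed randomization room */
#define F_RANDOMIZE    0x1u                   /* constructed flag bit */

struct vdso_image { unsigned long size; };
struct abi        { const struct vdso_image *vdso; };
struct task {
    const struct abi *abi;   /* NULL for kthread-like tasks: no ABI, no vDSO */
    unsigned int flags;
};

/* Fixed shape: the ABI pointer is dereferenced only if set, and the
 * vDSO-specific adjustments (GIC page, randomization) share that guard. */
unsigned long stack_top_model(const struct task *t, int gic_present)
{
    unsigned long top = TASK_SIZE & PAGE_MASK;

    if (t->abi) {
        top -= PAGE_ALIGN(t->abi->vdso->size);  /* space for the vDSO image */
        if (gic_present)
            top -= PAGE_SIZE;                   /* GIC page, vDSO-specific */
        if (t->flags & F_RANDOMIZE)
            top -= RANDOMIZE_SIZE;              /* room to randomize vDSO base */
    }
    /* Without the guard, the first subtraction would read through a NULL
     * pointer for a kthread-like task, which is the crash described above. */
    return top;
}

int main(void)
{
    struct vdso_image img = { 5000 };           /* constructed vDSO size */
    struct abi user_abi = { &img };
    struct task user = { &user_abi, F_RANDOMIZE };
    struct task kthread = { NULL, F_RANDOMIZE }; /* flag set, but no ABI */

    printf("user task top:    %#lx\n", stack_top_model(&user, 1));
    printf("kthread-like top: %#lx\n", stack_top_model(&kthread, 1));
    return 0;
}
```
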
Source: This report was generated using AI