CVE-2025-22033 in Linux
Summary
by MITRE • 04/16/2025
In the Linux kernel, the following vulnerability has been resolved:
arm64: Don't call NULL in do_compat_alignment_fixup()
do_alignment_t32_to_handler() only fixes up alignment faults for specific instructions; it returns NULL otherwise (e.g. LDREX). When that's the case, signal to the caller that it needs to proceed with the regular alignment fault handling (i.e. SIGBUS). Without this patch, the kernel panics:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000
[0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] SMP
Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa> libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c>
CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1  Debian 6.1.128-1
Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : do_compat_alignment_fixup+0xd8/0x3dc
sp : ffff80000f973dd0
x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001
x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000
x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001
Call trace:
 0x0
 do_alignment_fault+0x40/0x50
 do_mem_abort+0x4c/0xa0
 el0_da+0x48/0xf0
 el0t_32_sync_handler+0x110/0x140
 el0t_32_sync+0x190/0x194
Code: bad PC value
---[ end trace 0000000000000000 ]---
Analysis
by VulDB Data Team • 02/15/2026
CVE-2025-22033 is a NULL pointer dereference (CWE-476) in the arm64 compat alignment-fixup code of the Linux kernel, in do_compat_alignment_fixup(). When a 32-bit (AArch32) process takes an alignment fault, the kernel tries to emulate the faulting Thumb-2 instruction so the process can continue instead of being killed. do_alignment_t32_to_handler() selects the emulation routine for the instruction classes it supports and returns NULL for everything else, LDREX being the example the fix names. Before the fix, do_compat_alignment_fixup() did not check that return value and called through it, which is exactly what the oops shows: pc is 0x0, lr points back into do_compat_alignment_fixup(), and the ESR decodes as an instruction abort taken from the current EL (EC 0x21) on an unmapped address. The register dump is consistent with the commit message: x1 and x20 hold 0xe8551f00, which decodes as the Thumb-2 LDREX r1, [r5]. The fix makes the caller treat a NULL handler as "not emulated" and fall back to the regular alignment-fault path, which delivers SIGBUS to the process.
The impact is denial of service. The trigger is an unprivileged AArch32 compat process performing an unaligned access with an instruction the fixup code does not emulate; no special privileges or kernel interfaces are needed, and the trace above was produced by a browser worker (WPEWebProcess) on Debian's 6.1.128-1 arm64 kernel, so the path can be hit by ordinary software as well as on purpose. The "virtual address 0000000000000000" in the oops is not a protected system location; it is simply unmapped (the page-table walk ends with pmd=0), so the instruction fetch from address 0 faults inside the kernel. An oops in this context kills the faulting task and leaves the kernel in a state it may not recover from; with panic_on_oops set, and as reported in the commit message, the machine panics. Only arm64 kernels that run 32-bit userspace (CONFIG_COMPAT) with the compat alignment fixups built in (CONFIG_COMPAT_ALIGNMENT_FIXUPS) reach this code; a pure 64-bit userspace never enters do_compat_alignment_fixup().
Mitigation is to run a kernel that contains the upstream fix "arm64: Don't call NULL in do_compat_alignment_fixup()" or its stable backport from your distribution; the trace shows Debian's 6.1.128-1 is affected, so check the vendor advisory for the fixed package rather than assuming any recent 6.1.y build is safe. If you build your own arm64 kernels and have no 32-bit userspace, leaving CONFIG_COMPAT_ALIGNMENT_FIXUPS (or CONFIG_COMPAT) disabled removes the code path entirely. For detection, collect kernel logs centrally (journald forwarding, or pstore for crashes that never reach disk) and alert on an oops whose call trace contains do_compat_alignment_fixup together with "pc : 0x0" or "Code: bad PC value"; repeated hits from the same binary are either this bug being triggered or a 32-bit program with a genuine alignment problem, and both deserve a look. In ATT&CK terms this is Endpoint Denial of Service (T1499); nothing on this page supports privilege escalation: the call lands on kernel virtual address 0, which is unmapped, mmap_min_addr keeps unprivileged userspace from mapping it, and on arm64 user pages are mapped privileged-execute-never, so the kernel cannot be steered into attacker-supplied code this way. After patching, regression-test with a 32-bit binary that performs an unaligned access the fixup does emulate (it should still continue) and one that uses an instruction it does not (it should now receive SIGBUS instead of taking the machine down).
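The dispatch pattern behind the bug, and the one-line fix, are easier to see in a user-space model than in the oops. The following is an added example written for this page, not kernel code: it mimics do_alignment_t32_to_handler() returning a handler only for the instruction classes it emulates, and shows the caller before and after the NULL check. The decode covers a single class (LDRD immediate, halfword1 = 0xE9D0|Rn, with LDREX = 0xE850|Rn left unhandled), the 16-byte memory image is constructed, and the register values assume a little-endian host; the function and type names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example modelling the compat alignment-fixup dispatch; not kernel
 * code. Thumb-2 encodings per the ARM ARM: LDRD (imm, P=1 U=1 W=0) has
 * halfword1 0xE9D0|Rn, LDREX has halfword1 0xE850|Rn. Only LDRD is decoded. */

enum fault_result { FIXED_UP = 0, DELIVER_SIGBUS = 1 };

struct cpu {
    uint32_t regs[16];
    uint8_t *mem;                 /* model of the process address space */
};

typedef int (*fixup_fn)(uint32_t instr, struct cpu *cpu);

/* Emulates LDRD Rt, Rt2, [Rn, #imm8*4] with byte copies, so it succeeds at
 * any alignment. Returns 0 on success, like a kernel fixup handler. */
static int fixup_ldrd_imm(uint32_t instr, struct cpu *cpu)
{
    unsigned rn = (instr >> 16) & 0xf, rt = (instr >> 12) & 0xf;
    unsigned rt2 = (instr >> 8) & 0xf;
    uint32_t addr = cpu->regs[rn] + ((instr & 0xff) << 2);

    memcpy(&cpu->regs[rt], cpu->mem + addr, 4);      /* host-endian */
    memcpy(&cpu->regs[rt2], cpu->mem + addr + 4, 4);
    return 0;
}

/* Counterpart of do_alignment_t32_to_handler(): a handler for the classes
 * we emulate, NULL for everything else (LDREX included). */
static fixup_fn t32_to_handler(uint32_t instr)
{
    uint16_t hw1 = (uint16_t)(instr >> 16);

    switch (hw1 & 0xfff0) {
    case 0xe9d0:                  /* LDRD (immediate), P=1 U=1 W=0 */
        return fixup_ldrd_imm;
    default:
        return NULL;              /* e.g. 0xe85x: LDREX */
    }
}

/* Before the fix: the pointer is called unconditionally. For an instruction
 * t32_to_handler() does not emulate this is a call through NULL, the
 * "pc : 0x0" in the oops. Never call it with such an instruction. */
static int compat_alignment_fixup_before(uint32_t instr, struct cpu *cpu)
{
    fixup_fn handler = t32_to_handler(instr);

    return handler(instr, cpu);
}

/* After the fix: NULL means "not ours"; return nonzero so the caller falls
 * back to the regular alignment-fault path. */
static int compat_alignment_fixup_after(uint32_t instr, struct cpu *cpu)
{
    fixup_fn handler = t32_to_handler(instr);

    if (!handler)
        return 1;
    return handler(instr, cpu);
}

/* Generic fault path: resume the task if fixed up, otherwise SIGBUS. */
static enum fault_result do_alignment_fault(int patched, uint32_t instr,
                                            struct cpu *cpu)
{
    fixup_fn fixup = patched ? compat_alignment_fixup_after
                             : compat_alignment_fixup_before;

    return fixup(instr, cpu) == 0 ? FIXED_UP : DELIVER_SIGBUS;
}

/* Runs one faulting instruction against constructed memory (bytes
 * 00 11 22 33 ... ff) with r0 pointing at the unaligned address 3. */
static enum fault_result run_case(int patched, uint32_t instr,
                                  uint32_t *r1, uint32_t *r2)
{
    uint8_t mem[16];
    struct cpu cpu = { .mem = mem };
    enum fault_result res;

    for (unsigned i = 0; i < sizeof mem; i++)
        mem[i] = (uint8_t)(0x11 * i);
    cpu.regs[0] = 3;

    res = do_alignment_fault(patched, instr, &cpu);
    *r1 = cpu.regs[1];
    *r2 = cpu.regs[2];
    return res;
}

int main(void)
{
    uint32_t r1, r2;
    uint32_t ldrd = 0xe9d01200u;  /* LDRD r1, r2, [r0]: emulated */
    uint32_t ldrex = 0xe8551f00u; /* LDREX r1, [r5]: the x1/x20 value in the oops */

    printf("LDRD  (unpatched): %s r1=%08x r2=%08x\n",
           run_case(0, ldrd, &r1, &r2) == FIXED_UP ? "fixed up" : "SIGBUS", r1, r2);
    printf("LDREX (patched)  : %s\n",
           run_case(1, ldrex, &r1, &r2) == FIXED_UP ? "fixed up" : "SIGBUS");
    /* run_case(0, ldrex, ...) would call through NULL and crash, as the kernel did. */
    return 0;
}
```

The point to take from the model is that the unpatched caller is only safe for inputs the decoder happens to cover; the decoder's "not handled" result has to be propagated as a status, not left for the caller to discover by dereferencing it. The patched path turns an unhandled LDREX into SIGBUS for the process, which is the regular alignment-fault behaviour the commit message describes.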