CVE-2025-38239

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: megaraid_sas: Fix invalid node index

On a system with DRAM interleave enabled, out-of-bound access is detected:

megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0 ————[ cut here ]———— UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x2b __ubsan_handle_out_of_bounds.cold+0x46/0x4b megasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas] megasas_probe_one.cold+0xa4d/0x189c [megaraid_sas] local_pci_probe+0x42/0x90 pci_device_probe+0xdc/0x290 really_probe+0xdb/0x340 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8b/0xe0 bus_add_driver+0x142/0x220 driver_register+0x72/0xd0 megasas_init+0xdf/0xff0 [megaraid_sas] do_one_initcall+0x57/0x310 do_init_module+0x90/0x250 init_module_from_file+0x85/0xc0 idempotent_init_module+0x114/0x310 __x64_sys_finit_module+0x65/0xc0 do_syscall_64+0x82/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Fix it accordingly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8049da6f3943d0ac51931b8064b2e4769a69a967 < f1064b3532192e987ab17be7281d5fee36fd25e1affected
LinuxLinux8049da6f3943d0ac51931b8064b2e4769a69a967 < bf2c1643abc3b2507d56bb6c22bf9897272f8a35affected
LinuxLinux8049da6f3943d0ac51931b8064b2e4769a69a967 < 19a47c966deb36624843b7301f0373a3dc541a05affected
LinuxLinux8049da6f3943d0ac51931b8064b2e4769a69a967 < 074efb35552556a4b3b25eedab076d5dc24a8199affected
LinuxLinux8049da6f3943d0ac51931b8064b2e4769a69a967 < 752eb816b55adb0673727ba0ed96609a17895654affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux6.1.143 <= 6.1.*unaffected
LinuxLinux6.6.96 <= 6.6.*unaffected
LinuxLinux6.12.36 <= 6.12.*unaffected
LinuxLinux6.15.5 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References