CVE-2025-38487
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Mitigate e.g. the following:
# echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind
...
[ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write
[ 120.373866] [00000004] *pgd=00000000
[ 120.377910] Internal error: Oops: 805 [#1] SMP ARM
[ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE
...
[ 120.679543] Call trace:
[ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac
[ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38
[ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200
...
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < 62e51f51d97477ea4e78c82e7076a171dac86c75 | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < 9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51 | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < 166afe964e8433d52c641f5d1c09102bacee9a92 | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < dc5598482e2d3b234f6d72d6f5568e24f603e51a | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < 329a80adc0e5f815d0514a6d403aaaf0995cd9be | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < b361598b7352f02456619a6105c7da952ef69f8f | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < ac10ed9862104936a412f8b475c869e99f048448 | affected |
| Linux | Linux | 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < 56448e78a6bb4e1a8528a0e2efe94eff0400c247 | affected |
| Linux | Linux | 4.13 | affected |
| Linux | Linux | 0 < 4.13 | unaffected |
| Linux | Linux | 5.4.297 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.241 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.190 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.147 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.100 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.40 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.8 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
References
- https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75
- https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
- https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92
- https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
- https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
- https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
- https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
- https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.