CVE-2025-38559 (GCVE-0-2025-38559)
Vulnerability from cvelistv5
Published
2025-08-19 17:02
Modified
2025-08-19 17:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/intel/pmt: fix a crashlog NULL pointer access
Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The
current use of the endpoint value is only valid for telemetry endpoint
usage.
Without the ep, the crashlog usage causes the following NULL pointer
exception:
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: Oops: 0000 [#1] SMP NOPTI
RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]
Code:
Call Trace:
<TASK>
? sysfs_kf_bin_read+0xc0/0xe0
kernfs_fop_read_iter+0xac/0x1a0
vfs_read+0x26d/0x350
ksys_read+0x6b/0xe0
__x64_sys_read+0x1d/0x30
x64_sys_call+0x1bc8/0x1d70
do_syscall_64+0x6d/0x110
Augment struct intel_pmt_entry with a pointer to the pcidev to avoid
the NULL pointer exception.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/platform/x86/intel/pmt/class.c", "drivers/platform/x86/intel/pmt/class.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "860d93bd6a21f08883711196344c353bc3936a2b", "status": "affected", "version": "045a513040cc0242d364c05c3791594e2294f32d", "versionType": "git" }, { "lessThan": "18d53b543b5447478e259c96ca4688393f327c98", "status": "affected", "version": "045a513040cc0242d364c05c3791594e2294f32d", "versionType": "git" }, { "lessThan": "089d05266b2caf020ac2ae2cd2be78f580268f5d", "status": "affected", "version": "045a513040cc0242d364c05c3791594e2294f32d", "versionType": "git" }, { "lessThan": "54d5cd4719c5e87f33d271c9ac2e393147d934f8", "status": "affected", "version": "045a513040cc0242d364c05c3791594e2294f32d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/platform/x86/intel/pmt/class.c", "drivers/platform/x86/intel/pmt/class.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.12" }, { "lessThan": "6.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.12.*", "status": "unaffected", "version": "6.12.42", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.10", "versionType": "semver" }, { "lessThanOrEqual": "6.16.*", "status": "unaffected", "version": "6.16.1", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.17-rc1", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.42", "versionStartIncluding": "6.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.12", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.17-rc1", "versionStartIncluding": "6.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\n\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\ncurrent use of the endpoint value is only valid for telemetry endpoint\nusage.\n\nWithout the ep, the crashlog usage causes the following NULL pointer\nexception:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\nCode:\nCall Trace:\n \u003cTASK\u003e\n ? sysfs_kf_bin_read+0xc0/0xe0\n kernfs_fop_read_iter+0xac/0x1a0\n vfs_read+0x26d/0x350\n ksys_read+0x6b/0xe0\n __x64_sys_read+0x1d/0x30\n x64_sys_call+0x1bc8/0x1d70\n do_syscall_64+0x6d/0x110\n\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\nthe NULL pointer exception." } ], "providerMetadata": { "dateUpdated": "2025-08-19T17:02:37.020Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/860d93bd6a21f08883711196344c353bc3936a2b" }, { "url": "https://git.kernel.org/stable/c/18d53b543b5447478e259c96ca4688393f327c98" }, { "url": "https://git.kernel.org/stable/c/089d05266b2caf020ac2ae2cd2be78f580268f5d" }, { "url": "https://git.kernel.org/stable/c/54d5cd4719c5e87f33d271c9ac2e393147d934f8" } ], "title": "platform/x86/intel/pmt: fix a crashlog NULL pointer access", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-38559", "datePublished": "2025-08-19T17:02:37.020Z", "dateReserved": "2025-04-16T04:51:24.025Z", "dateUpdated": "2025-08-19T17:02:37.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-38559\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:32.233\",\"lastModified\":\"2025-08-20T14:40:17.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\\n\\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\\ncurrent use of the endpoint value is only valid for telemetry endpoint\\nusage.\\n\\nWithout the ep, the crashlog usage causes the following NULL pointer\\nexception:\\n\\nBUG: kernel NULL pointer dereference, address: 0000000000000000\\nOops: Oops: 0000 [#1] SMP NOPTI\\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\\nCode:\\nCall Trace:\\n \u003cTASK\u003e\\n ? sysfs_kf_bin_read+0xc0/0xe0\\n kernfs_fop_read_iter+0xac/0x1a0\\n vfs_read+0x26d/0x350\\n ksys_read+0x6b/0xe0\\n __x64_sys_read+0x1d/0x30\\n x64_sys_call+0x1bc8/0x1d70\\n do_syscall_64+0x6d/0x110\\n\\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\\nthe NULL pointer exception.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86/intel/pmt: correcci\u00f3n de un acceso a puntero nulo en el registro de fallos. El uso de intel_pmt_read() para sistemas binarios sysfs requiere un pcidev. El uso actual del valor del endpoint solo es v\u00e1lido para el uso de endpoints de telemetr\u00eda. Sin el ep, el uso del registro de fallos provoca la siguiente excepci\u00f3n de puntero nulo: ERROR: desreferencia de puntero nulo del kernel, direcci\u00f3n: 0000000000000000 \u00a1Uy!: \u00a1Uy!: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] C\u00f3digo: Seguimiento de llamadas: ? Aumente la estructura intel_pmt_entry con un puntero a pcidev para evitar la excepci\u00f3n del puntero NULL.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/089d05266b2caf020ac2ae2cd2be78f580268f5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/18d53b543b5447478e259c96ca4688393f327c98\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54d5cd4719c5e87f33d271c9ac2e393147d934f8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/860d93bd6a21f08883711196344c353bc3936a2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…