CVE-2025-38559 (GCVE-0-2025-38559)
Vulnerability from cvelistv5
Published: 2025-08-19 17:02
Modified: 2025-08-19 17:02
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:

platform/x86/intel/pmt: fix a crashlog NULL pointer access

Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage.

Without the ep, the crashlog usage causes the following NULL pointer exception:

BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: Oops: 0000 [#1] SMP NOPTI
RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]
Code:
Call Trace:
 <TASK>
 ? sysfs_kf_bin_read+0xc0/0xe0
 kernfs_fop_read_iter+0xac/0x1a0
 vfs_read+0x26d/0x350
 ksys_read+0x6b/0xe0
 __x64_sys_read+0x1d/0x30
 x64_sys_call+0x1bc8/0x1d70
 do_syscall_64+0x6d/0x110

Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception.
Impacted products

Vendor | Product | Version
Linux | Linux | 045a513040cc0242d364c05c3791594e2294f32d
Linux | Linux | 045a513040cc0242d364c05c3791594e2294f32d
Linux | Linux | 045a513040cc0242d364c05c3791594e2294f32d
Linux | Linux | 045a513040cc0242d364c05c3791594e2294f32d
Linux | Linux | 6.12


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/platform/x86/intel/pmt/class.c",
            "drivers/platform/x86/intel/pmt/class.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "860d93bd6a21f08883711196344c353bc3936a2b",
              "status": "affected",
              "version": "045a513040cc0242d364c05c3791594e2294f32d",
              "versionType": "git"
            },
            {
              "lessThan": "18d53b543b5447478e259c96ca4688393f327c98",
              "status": "affected",
              "version": "045a513040cc0242d364c05c3791594e2294f32d",
              "versionType": "git"
            },
            {
              "lessThan": "089d05266b2caf020ac2ae2cd2be78f580268f5d",
              "status": "affected",
              "version": "045a513040cc0242d364c05c3791594e2294f32d",
              "versionType": "git"
            },
            {
              "lessThan": "54d5cd4719c5e87f33d271c9ac2e393147d934f8",
              "status": "affected",
              "version": "045a513040cc0242d364c05c3791594e2294f32d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/platform/x86/intel/pmt/class.c",
            "drivers/platform/x86/intel/pmt/class.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc1",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\n\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\ncurrent use of the endpoint value is only valid for telemetry endpoint\nusage.\n\nWithout the ep, the crashlog usage causes the following NULL pointer\nexception:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\nCode:\nCall Trace:\n \u003cTASK\u003e\n ? sysfs_kf_bin_read+0xc0/0xe0\n kernfs_fop_read_iter+0xac/0x1a0\n vfs_read+0x26d/0x350\n ksys_read+0x6b/0xe0\n __x64_sys_read+0x1d/0x30\n x64_sys_call+0x1bc8/0x1d70\n do_syscall_64+0x6d/0x110\n\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\nthe NULL pointer exception."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T17:02:37.020Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/860d93bd6a21f08883711196344c353bc3936a2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/18d53b543b5447478e259c96ca4688393f327c98"
        },
        {
          "url": "https://git.kernel.org/stable/c/089d05266b2caf020ac2ae2cd2be78f580268f5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/54d5cd4719c5e87f33d271c9ac2e393147d934f8"
        }
      ],
      "title": "platform/x86/intel/pmt: fix a crashlog NULL pointer access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38559",
    "datePublished": "2025-08-19T17:02:37.020Z",
    "dateReserved": "2025-04-16T04:51:24.025Z",
    "dateUpdated": "2025-08-19T17:02:37.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38559\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:32.233\",\"lastModified\":\"2025-08-20T14:40:17.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\\n\\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\\ncurrent use of the endpoint value is only valid for telemetry endpoint\\nusage.\\n\\nWithout the ep, the crashlog usage causes the following NULL pointer\\nexception:\\n\\nBUG: kernel NULL pointer dereference, address: 0000000000000000\\nOops: Oops: 0000 [#1] SMP NOPTI\\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\\nCode:\\nCall Trace:\\n \u003cTASK\u003e\\n ? sysfs_kf_bin_read+0xc0/0xe0\\n kernfs_fop_read_iter+0xac/0x1a0\\n vfs_read+0x26d/0x350\\n ksys_read+0x6b/0xe0\\n __x64_sys_read+0x1d/0x30\\n x64_sys_call+0x1bc8/0x1d70\\n do_syscall_64+0x6d/0x110\\n\\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\\nthe NULL pointer exception.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86/intel/pmt: correcci\u00f3n de un acceso a puntero nulo en el registro de fallos. El uso de intel_pmt_read() para sistemas binarios sysfs requiere un pcidev. El uso actual del valor del endpoint solo es v\u00e1lido para el uso de endpoints de telemetr\u00eda. Sin el ep, el uso del registro de fallos provoca la siguiente excepci\u00f3n de puntero nulo: ERROR: desreferencia de puntero nulo del kernel, direcci\u00f3n: 0000000000000000 \u00a1Uy!: \u00a1Uy!: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] C\u00f3digo: Seguimiento de llamadas:  ? 
Aumente la estructura intel_pmt_entry con un puntero a pcidev para evitar la excepci\u00f3n del puntero NULL.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/089d05266b2caf020ac2ae2cd2be78f580268f5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/18d53b543b5447478e259c96ca4688393f327c98\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54d5cd4719c5e87f33d271c9ac2e393147d934f8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/860d93bd6a21f08883711196344c353bc3936a2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

