fkie_cve-2025-38487
Vulnerability from fkie_nvd
Published
2025-07-28 12:15
Modified
2025-11-03 18:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n    # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n    ...\n    [  120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n    [  120.373866] [00000004] *pgd=00000000\n    [  120.377910] Internal error: Oops: 805 [#1] SMP ARM\n    [  120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n    ...\n    [  120.679543] Call trace:\n    [  120.679559]  misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n    [  120.692462]  aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n    [  120.700996]  platform_remove from device_release_driver_internal+0x188/0x200\n    ..."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: aspeed: lpc-snoop: No deshabilite los canales que no est\u00e1n habilitados. Mitigar, por ejemplo, lo siguiente: # echo 1e789080.lpc-snoop \u0026gt; /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] No se puede controlar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000004 al escribir [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Error interno: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh No contaminado 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NINGUNO ... [ 120.679543] Rastreo de llamadas: [ 120.679559] misc_deregister de aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove de platform_remove+0x28/0x38 [ 120.700996] platform_remove de device_release_driver_internal+0x188/0x200 ..."
    }
  ],
  "id": "CVE-2025-38487",
  "lastModified": "2025-11-03T18:16:25.150",
  "metrics": {},
  "published": "2025-07-28T12:15:30.720",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.