CVE-2025-38487
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: aspeed: lpc-snoop: No deshabilite los canales que no están habilitados. Mitigar, por ejemplo, lo siguiente: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] No se puede controlar la desreferencia del puntero NULL del kernel en la dirección virtual 00000004 al escribir [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Error interno: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh No contaminado 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NINGUNO ... [ 120.679543] Rastreo de llamadas: [ 120.679559] misc_deregister de aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove de platform_remove+0x28/0x38 [ 120.700996] platform_remove de device_release_driver_internal+0x188/0x200 ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.41-1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-04-16 CVE Reserved
- 2025-07-28 CVE Published
- 2025-07-29 CVE Updated
- 2025-08-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.13 < 6.1.147 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 6.1.147" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.13 < 6.6.100 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 6.6.100" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.13 < 6.12.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 6.12.40" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.13 < 6.15.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 6.15.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.13 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.13 < 6.16" | en |
Affected
| ||||||