CVE-2025-38487

Description

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...

Reserved 2025-04-16 | Published 2025-07-28 | Updated 2025-07-28 | Assigner Linux

Product status

Default status
unaffected

9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 before dc5598482e2d3b234f6d72d6f5568e24f603e51a
affected

9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 before 329a80adc0e5f815d0514a6d403aaaf0995cd9be
affected

9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 before b361598b7352f02456619a6105c7da952ef69f8f
affected

9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 before ac10ed9862104936a412f8b475c869e99f048448
affected

9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 before 56448e78a6bb4e1a8528a0e2efe94eff0400c247
affected

Default status
affected

4.13
affected

Any version before 4.13
unaffected

6.1.147
unaffected

6.6.100
unaffected

6.12.40
unaffected

6.15.8
unaffected

6.16
unaffected

References

git.kernel.org/...c/dc5598482e2d3b234f6d72d6f5568e24f603e51a

git.kernel.org/...c/329a80adc0e5f815d0514a6d403aaaf0995cd9be

git.kernel.org/...c/b361598b7352f02456619a6105c7da952ef69f8f

git.kernel.org/...c/ac10ed9862104936a412f8b475c869e99f048448

git.kernel.org/...c/56448e78a6bb4e1a8528a0e2efe94eff0400c247

cve.org (CVE-2025-38487)

nvd.nist.gov (CVE-2025-38487)

Download JSON