CVE-2025-38487

MEDIUM EPSS 4.6%
Published Jul 28, 202511mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 28, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 14

VendorProductVersionRange
linuxlinux_kernel*≥4.13  –  <5.4.297
linuxlinux_kernel*≥5.5  –  <5.10.241
linuxlinux_kernel*≥5.11  –  <5.15.190
linuxlinux_kernel*≥5.16  –  <6.1.147
linuxlinux_kernel*≥6.2  –  <6.6.100
linuxlinux_kernel*≥6.7  –  <6.12.40
linuxlinux_kernel*≥6.13  –  <6.15.8
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
    Patch