CVE-2025-38487

5.5 MEDIUM
Published: July 28, 2025 Modified: January 07, 2026
View on NVD

Description

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write [ 120.373866] [00000004] *pgd=00000000 [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE ... [ 120.679543] Call trace: [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38 [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200 ...

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.5 / 10.0
EPSS (Exploit Probability)
0.0%
4th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-476

Affected Vendors

debian linux

Related CVEs

CVE-2026-0824 3.5
CVE-2026-0822 6.3
CVE-2025-13393 4.3
CVE-2025-12379 6.4
CVE-2026-0821 7.3