-
CVE-2025-38298
- EPSS 0.04%
- Published 10.07.2025 07:42:11
- Last modified 10.07.2025 13:17:30
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
EDAC/skx_common: Fix general protection fault
After loading i10nm_edac (which automatically loads skx_edac_common), if
unload only i10nm_edac, then reload it and perform error injection testing,
a general protection fault may occur:
mce: [Hardware Error]: Machine check events logged
Oops: general protection fault ...
...
Workqueue: events mce_gen_pool_process
RIP: 0010:string+0x53/0xe0
...
Call Trace:
<TASK>
? die_addr+0x37/0x90
? exc_general_protection+0x1e7/0x3f0
? asm_exc_general_protection+0x26/0x30
? string+0x53/0xe0
vsnprintf+0x23e/0x4c0
snprintf+0x4d/0x70
skx_adxl_decode+0x16a/0x330 [skx_edac_common]
skx_mce_check_error.part.0+0xf8/0x220 [skx_edac_common]
skx_mce_check_error+0x17/0x20 [skx_edac_common]
...
The issue arose was because the variable 'adxl_component_count' (inside
skx_edac_common), which counts the ADXL components, was not reset. During
the reloading of i10nm_edac, the count was incremented by the actual number
of ADXL components again, resulting in a count that was double the real
number of ADXL components. This led to an out-of-bounds reference to the
ADXL component array, causing the general protection fault above.
Fix this issue by resetting the 'adxl_component_count' in adxl_put(),
which is called during the unloading of {skx,i10nm}_edac.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
80bf28fd623d97dd4f4825fbbe9d736cec2afba3
Version
c68d1dbfe381260e8e30880fa6b8e708e57143f6
Status
affected
Version <
a6ed3a6edff09c1187cc6ade7f5967bca2376a13
Version
3070e81609169b316e3e3f226456950238338d43
Status
affected
Version <
bf6a8502a5f4ff6e4d135d795945cdade49ec8b0
Version
2259b26ff45a231579485752bda51acf87c39d18
Status
affected
Version <
e8530ed3c0769a4d8f79c212715ec1cf277787f8
Version
6d0d9f0fd13536ed21b9c0dd576ba292f750a1c1
Status
affected
Version <
3f5d0659000923735350da60ad710f8c804544fe
Version
c25ae63de6805589e954b86020f89065b9eca4d4
Status
affected
Version <
a13e8343ffcff27af1ff79597ff7ba241e6d9471
Version
123b158635505c89ed0d3ef45c5845ff9030a466
Status
affected
Version <
31ef6f7c9aee3be78d63789653e92350f2537f93
Version
123b158635505c89ed0d3ef45c5845ff9030a466
Status
affected
Version <
20d2d476b3ae18041be423671a8637ed5ffd6958
Version
123b158635505c89ed0d3ef45c5845ff9030a466
Status
affected
Version
32700ecf8007e071d1ce4c78f65b85f46d05f32a
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
6.11
Status
affected
Version <
6.11
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.295
Status
unaffected
Version <=
5.10.*
Version
5.10.239
Status
unaffected
Version <=
5.15.*
Version
5.15.186
Status
unaffected
Version <=
6.1.*
Version
6.1.142
Status
unaffected
Version <=
6.6.*
Version
6.6.94
Status
unaffected
Version <=
6.12.*
Version
6.12.34
Status
unaffected
Version <=
6.15.*
Version
6.15.3
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.098 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|