5.5

CVE-2025-38487

soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled

In the Linux kernel, the following vulnerability has been resolved:

soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled

Mitigate e.g. the following:

    # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind
    ...
    [  120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write
    [  120.373866] [00000004] *pgd=00000000
    [  120.377910] Internal error: Oops: 805 [#1] SMP ARM
    [  120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE
    ...
    [  120.679543] Call trace:
    [  120.679559]  misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac
    [  120.692462]  aspeed_lpc_snoop_remove from platform_remove+0x28/0x38
    [  120.700996]  platform_remove from device_release_driver_internal+0x188/0x200
    ...
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.13 < 5.4.297
LinuxLinux Kernel Version >= 5.5 < 5.10.241
LinuxLinux Kernel Version >= 5.11 < 5.15.190
LinuxLinux Kernel Version >= 5.16 < 6.1.147
LinuxLinux Kernel Version >= 6.2 < 6.6.100
LinuxLinux Kernel Version >= 6.7 < 6.12.40
LinuxLinux Kernel Version >= 6.13 < 6.15.8
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
LinuxLinux Kernel Version6.16 Updaterc5
LinuxLinux Kernel Version6.16 Updaterc6
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.046
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
Patch
https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
Patch
https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
Patch
https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
Patch
https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
Patch
https://git.kernel.org/stable/c/166afe964e8433d52c641f5d1c09102bacee9a92
Patch
https://git.kernel.org/stable/c/62e51f51d97477ea4e78c82e7076a171dac86c75
Patch
https://git.kernel.org/stable/c/9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory