5.5

CVE-2025-38518

EPSS 0.03%
Veröffentlicht 16.08.2025 10:55:05
Zuletzt bearbeitet 18.11.2025 21:51:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

x86/CPU/AMD: Disable INVLPGB on Zen2

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Disable INVLPGB on Zen2

AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h) has an issue
that causes system oopses and panics when performing TLB flush using
INVLPGB.

However, the problem is that that machine has misconfigured CPUID and
should not report the INVLPGB bit in the first place. So zap the
kernel's representation of the flag so that nothing gets confused.

  [ bp: Massage. ]

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.15 < 6.15.7

Linux ≫ Linux Kernel Version6.16 Updaterc1

Linux ≫ Linux Kernel Version6.16 Updaterc2

Linux ≫ Linux Kernel Version6.16 Updaterc3

Linux ≫ Linux Kernel Version6.16 Updaterc4

Linux ≫ Linux Kernel Version6.16 Updaterc5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/357f121517924e3ec3021f9d0dd0189adcd09867

Patch

https://git.kernel.org/stable/c/a74bb5f202dabddfea96abc1328fcedae8aa140a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-38518

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38518

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38518

EUVD