CVE-2025-38298

{"id": "CVE-2025-38298", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-07-10T08:15:28.500", "references": [{"url": "https://git.kernel.org/stable/c/20d2d476b3ae18041be423671a8637ed5ffd6958", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/31ef6f7c9aee3be78d63789653e92350f2537f93", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3f5d0659000923735350da60ad710f8c804544fe", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/80bf28fd623d97dd4f4825fbbe9d736cec2afba3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a13e8343ffcff27af1ff79597ff7ba241e6d9471", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a6ed3a6edff09c1187cc6ade7f5967bca2376a13", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bf6a8502a5f4ff6e4d135d795945cdade49ec8b0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e8530ed3c0769a4d8f79c212715ec1cf277787f8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/skx_common: Fix general protection fault\n\nAfter loading i10nm_edac (which automatically loads skx_edac_common), if\nunload only i10nm_edac, then reload it and perform error injection testing,\na general protection fault may occur:\n\n mce: [Hardware Error]: Machine check events logged\n Oops: general protection fault ...\n ...\n Workqueue: events mce_gen_pool_process\n RIP: 0010:string+0x53/0xe0\n ...\n Call Trace:\n <TASK>\n ? die_addr+0x37/0x90\n ? exc_general_protection+0x1e7/0x3f0\n ? asm_exc_general_protection+0x26/0x30\n ? string+0x53/0xe0\n vsnprintf+0x23e/0x4c0\n snprintf+0x4d/0x70\n skx_adxl_decode+0x16a/0x330 [skx_edac_common]\n skx_mce_check_error.part.0+0xf8/0x220 [skx_edac_common]\n skx_mce_check_error+0x17/0x20 [skx_edac_common]\n ...\n\nThe issue arose was because the variable 'adxl_component_count' (inside\nskx_edac_common), which counts the ADXL components, was not reset. During\nthe reloading of i10nm_edac, the count was incremented by the actual number\nof ADXL components again, resulting in a count that was double the real\nnumber of ADXL components. This led to an out-of-bounds reference to the\nADXL component array, causing the general protection fault above.\n\nFix this issue by resetting the 'adxl_component_count' in adxl_put(),\nwhich is called during the unloading of {skx,i10nm}_edac."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: EDAC/skx_common: Corregir fallo de protecci\u00f3n general Despu\u00e9s de cargar i10nm_edac (que carga autom\u00e1ticamente skx_edac_common), si solo se descarga i10nm_edac, luego se vuelve a cargar y se realizan pruebas de inyecci\u00f3n de errores, puede ocurrir un fallo de protecci\u00f3n general: mce: [Error de hardware]: Se registraron eventos de comprobaci\u00f3n de la m\u00e1quina Oops: fallo de protecci\u00f3n general ... ... Cola de trabajo: eventos mce_gen_pool_process RIP: 0010:string+0x53/0xe0 ... Rastreo de llamadas: ? die_addr+0x37/0x90 ? exc_general_protection+0x1e7/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? string+0x53/0xe0 vsnprintf+0x23e/0x4c0 snprintf+0x4d/0x70 skx_adxl_decode+0x16a/0x330 [skx_edac_common] skx_mce_check_error.part.0+0xf8/0x220 [skx_edac_common] skx_mce_check_error+0x17/0x20 [skx_edac_common] ... El problema surgi\u00f3 porque la variable 'adxl_component_count' (dentro de skx_edac_common), que cuenta los componentes ADXL, no se restableci\u00f3. Durante la recarga de i10nm_edac, el recuento se increment\u00f3 de nuevo seg\u00fan el n\u00famero real de componentes ADXL, lo que result\u00f3 en un recuento que duplic\u00f3 el n\u00famero real de componentes ADXL. Esto provoc\u00f3 una referencia fuera de los l\u00edmites a la matriz de componentes ADXL, lo que provoc\u00f3 el fallo de protecci\u00f3n general mencionado anteriormente. Solucione este problema restableciendo 'adxl_component_count' en adxl_put(), que se llama durante la descarga de {skx,i10nm}_edac."}], "lastModified": "2025-12-19T17:51:03.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FB8A7E5-963A-4C1A-86BA-D9756CBBD25B", "versionEndExcluding": "5.4.295", "versionStartIncluding": "5.4.282"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2AD619D-362B-4573-8016-AE88B4DA10A9", "versionEndExcluding": "5.10.239", "versionStartIncluding": "5.10.224"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9C0A75-76EA-4E80-9963-89F5DBFE3F88", "versionEndExcluding": "5.15.186", "versionStartIncluding": "5.15.165"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "295354BB-0752-48B7-8C7C-4FB03B558145", "versionEndExcluding": "6.1.142", "versionStartIncluding": "6.1.103"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111543E8-1DC8-4822-B520-CBAF1B8F5984", "versionEndExcluding": "6.6.94", "versionStartIncluding": "6.6.44"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B3F116A-F6EB-4EE1-A11A-B1DC1A859A20", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.10.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}