CVE-2025-38386
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38386
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38386.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38386
- Downstream
- Related
- Published
- 2025-07-25T12:53:27.229Z
- Modified
- 2025-11-28T02:34:23.223384Z
- Summary
- ACPICA: Refuse to evaluate a method if arguments are missing
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Refuse to evaluate a method if arguments are missing
As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due to use-after-free.
Since this a result of a clear AML issue that arguably cannot be fixed up by the interpreter (it cannot produce missing data out of thin air), address it by making ACPICA refuse to evaluate a method if the caller attempts to pass fewer arguments than expected to it.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38386.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/18ff4ed6a33a7e3f2097710eacc96bea7696e803
- https://git.kernel.org/stable/c/2219e49857ffd6aea1b1ca5214d3270f84623a16
- https://git.kernel.org/stable/c/4305d936abde795c2ef6ba916de8f00a50f64d2d
- https://git.kernel.org/stable/c/6fcab2791543924d438e7fa49276d0998b0a069f
- https://git.kernel.org/stable/c/ab1e8491c19eb2ea0fda81ef28e841c7cb6399f5
- https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a239c454cdab426f1
- https://git.kernel.org/stable/c/c9e4da550ae196132b990bd77ed3d8f2d9747f87
- https://git.kernel.org/stable/c/d547779e72cea9865b732cd45393c4cd02b3598e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38386.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38386
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixedb49d224d1830c46e20adce2a239c454cdab426f1Fixed2219e49857ffd6aea1b1ca5214d3270f84623a16Fixedab1e8491c19eb2ea0fda81ef28e841c7cb6399f5Fixed4305d936abde795c2ef6ba916de8f00a50f64d2dFixedd547779e72cea9865b732cd45393c4cd02b3598eFixed18ff4ed6a33a7e3f2097710eacc96bea7696e803Fixedc9e4da550ae196132b990bd77ed3d8f2d9747f87Fixed6fcab2791543924d438e7fa49276d0998b0a069f
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.4.296
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.240
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.187
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.144
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.97
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.37
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.15.6