DEBIAN-CVE-2025-38559
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-38559
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38559.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-38559
- Upstream
- Published
- 2025-08-19T17:15:32.233Z
- Modified
- 2025-11-14T04:08:44.067084Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intelpmtread() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intelpmtread+0x3b/0x70 [pmtclass] Code: Call Trace: <TASK> ? sysfskfbinread+0xc0/0xe0 kernfsfopreaditer+0xac/0x1a0 vfsread+0x26d/0x350 ksysread+0x6b/0xe0 _x64sysread+0x1d/0x30 x64syscall+0x1bc8/0x1d70 dosyscall64+0x6d/0x110 Augment struct intelpmtentry with a pointer to the pcidev to avoid the NULL pointer exception.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1