CVE-2025-38239
- Source
- https://cve.org/CVERecord?id=CVE-2025-38239
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38239.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38239
- Downstream
- Related
- Published
- 2025-07-09T10:42:24.170Z
- Modified
- 2026-03-20T12:42:45.567245Z
- Summary
- scsi: megaraid_sas: Fix invalid node index
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: megaraid_sas: Fix invalid node index
On a system with DRAM interleave enabled, out-of-bound access is detected:
megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dumpstacklvl+0x5d/0x80 ubsan_epilogue+0x5/0x2b __ubsanhandleoutofbounds.cold+0x46/0x4b megasasallocirqvectors+0x149/0x190 [megaraidsas] megasasprobeone.cold+0xa4d/0x189c [megaraidsas] localpciprobe+0x42/0x90 pcideviceprobe+0xdc/0x290 reallyprobe+0xdb/0x340 __driverprobedevice+0x78/0x110 driverprobedevice+0x1f/0xa0 __driverattach+0xba/0x1c0 busforeachdev+0x8b/0xe0 busadddriver+0x142/0x220 driverregister+0x72/0xd0 megasasinit+0xdf/0xff0 [megaraidsas] dooneinitcall+0x57/0x310 doinitmodule+0x90/0x250 initmodulefromfile+0x85/0xc0 idempotentinitmodule+0x114/0x310 _x64sysfinitmodule+0x65/0xc0 dosyscall64+0x82/0x170 entrySYSCALL64afterhwframe+0x76/0x7e
Fix it accordingly.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38239.json" }- References
-
- https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199
- https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05
- https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654
- https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35
- https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38239.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38239
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8049da6f3943d0ac51931b8064b2e4769a69a967Fixedf1064b3532192e987ab17be7281d5fee36fd25e1Fixedbf2c1643abc3b2507d56bb6c22bf9897272f8a35Fixed19a47c966deb36624843b7301f0373a3dc541a05Fixed074efb35552556a4b3b25eedab076d5dc24a8199Fixed752eb816b55adb0673727ba0ed96609a17895654