CVE-2025-38239
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38239
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38239.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38239
- Downstream
- Related
- Published
- 2025-07-09T11:15:25Z
- Modified
- 2025-08-12T21:01:38Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: megaraid_sas: Fix invalid node index
On a system with DRAM interleave enabled, out-of-bound access is detected:
megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dumpstacklvl+0x5d/0x80 ubsanepilogue+0x5/0x2b _ubsanhandleoutofbounds.cold+0x46/0x4b megasasallocirqvectors+0x149/0x190 [megaraidsas] megasasprobeone.cold+0xa4d/0x189c [megaraidsas] localpciprobe+0x42/0x90 pcideviceprobe+0xdc/0x290 reallyprobe+0xdb/0x340 _driverprobedevice+0x78/0x110 driverprobedevice+0x1f/0xa0 _driverattach+0xba/0x1c0 busforeachdev+0x8b/0xe0 busadddriver+0x142/0x220 driverregister+0x72/0xd0 megasasinit+0xdf/0xff0 [megaraidsas] dooneinitcall+0x57/0x310 doinitmodule+0x90/0x250 initmodulefromfile+0x85/0xc0 idempotentinitmodule+0x114/0x310 _x64sysfinitmodule+0x65/0xc0 dosyscall64+0x82/0x170 entrySYSCALL64afterhwframe+0x76/0x7e
Fix it accordingly.
- References
-
- https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199
- https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05
- https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654
- https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35
- https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1