CVE-2025-38298

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38298
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38298.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38298
Downstream
Related
Published
2025-07-10T08:15:28Z
Modified
2025-08-12T21:01:38Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/skx_common: Fix general protection fault

After loading i10nmedac (which automatically loads skxedaccommon), if unload only i10nmedac, then reload it and perform error injection testing, a general protection fault may occur:

mce: [Hardware Error]: Machine check events logged Oops: general protection fault ... ... Workqueue: events mcegenpoolprocess RIP: 0010:string+0x53/0xe0 ... Call Trace: <TASK> ? dieaddr+0x37/0x90 ? excgeneralprotection+0x1e7/0x3f0 ? asmexcgeneralprotection+0x26/0x30 ? string+0x53/0xe0 vsnprintf+0x23e/0x4c0 snprintf+0x4d/0x70 skxadxldecode+0x16a/0x330 [skxedaccommon] skxmcecheckerror.part.0+0xf8/0x220 [skxedaccommon] skxmcecheckerror+0x17/0x20 [skxedac_common] ...

The issue arose was because the variable 'adxlcomponentcount' (inside skxedaccommon), which counts the ADXL components, was not reset. During the reloading of i10nm_edac, the count was incremented by the actual number of ADXL components again, resulting in a count that was double the real number of ADXL components. This led to an out-of-bounds reference to the ADXL component array, causing the general protection fault above.

Fix this issue by resetting the 'adxlcomponentcount' in adxlput(), which is called during the unloading of {skx,i10nm}edac.

References

Affected packages