CVE-2025-38487

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38487
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38487.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38487
Downstream
Related
Published
2025-07-28T11:21:51.249Z
Modified
2026-03-12T02:15:37.346931Z
Summary
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Details

In the Linux kernel, the following vulnerability has been resolved:

soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled

Mitigate e.g. the following:

# echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind
...
[  120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write
[  120.373866] [00000004] *pgd=00000000
[  120.377910] Internal error: Oops: 805 [#1] SMP ARM
[  120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE
...
[  120.679543] Call trace:
[  120.679559]  misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac
[  120.692462]  aspeed_lpc_snoop_remove from platform_remove+0x28/0x38
[  120.700996]  platform_remove from device_release_driver_internal+0x188/0x200
...
Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38487.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1
Fixed
62e51f51d97477ea4e78c82e7076a171dac86c75
Fixed
9e1d2b97f5e2a36a2fd30a8bd30ead9dac5e3a51
Fixed
166afe964e8433d52c641f5d1c09102bacee9a92
Fixed
dc5598482e2d3b234f6d72d6f5568e24f603e51a
Fixed
329a80adc0e5f815d0514a6d403aaaf0995cd9be
Fixed
b361598b7352f02456619a6105c7da952ef69f8f
Fixed
ac10ed9862104936a412f8b475c869e99f048448
Fixed
56448e78a6bb4e1a8528a0e2efe94eff0400c247

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38487.json"