CVE-2025-38288
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Correct kernel call trace when calling smp_processor_id() when called in preemptible kernels by using raw_smp_processor_id(). smp_processor_id() checks to see if preemption is disabled and if not, issue an error message followed by a call to dump_stack(). Brief example of call trace: kernel: check_preemption_disabled: 436 callbacks suppressed kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u1025:0/2354 kernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi] kernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0 kernel: ... kernel: Workqueue: writeback wb_workfn (flush-253:0) kernel: Call Trace: kernel: <TASK> kernel: dump_stack_lvl+0x34/0x48 kernel: check_preemption_disabled+0xdd/0xe0 kernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi] kernel: ...
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2026-03-17
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38288
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
smartpqi smartpqi *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the incorrect use of the smp_processor_id() function in the Linux kernel's smartpqi SCSI driver when running on preemptible kernels. The function smp_processor_id() should not be called when preemption is enabled because it checks if preemption is disabled and issues an error and stack dump if not. The fix replaces smp_processor_id() with raw_smp_processor_id(), which is safe to call in preemptible contexts, preventing erroneous error messages and kernel call trace dumps.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to produce error messages and dump stack traces unexpectedly when the smartpqi driver calls smp_processor_id() in a preemptible kernel context. This may lead to kernel instability or debugging difficulties, potentially affecting system reliability and performance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for error messages related to smp_processor_id() usage in preemptible kernels. Specifically, look for messages like 'BUG: using smp_processor_id() in preemptible' and call traces involving smartpqi. You can use commands such as 'dmesg | grep smp_processor_id' or 'journalctl -k | grep smp_processor_id' to find relevant kernel log entries.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this issue is fixed, as the vulnerability is resolved by correcting the kernel call trace to use raw_smp_processor_id() instead of smp_processor_id() in preemptible kernels. Until then, monitoring kernel logs for the described error messages can help identify if the issue is occurring.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart