CVE-2025-38295
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() The Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly uses smp_processor_id(), which assumes disabled preemption. This leads to kernel warnings during module loading because meson_ddr_pmu_create() can be called in a preemptible context. Following kernel warning and stack trace: [ 31.745138] [ T2289] BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/2289 [ 31.745154] [ T2289] caller is debug_smp_processor_id+0x28/0x38 [ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0 [ 31.745181] [ T2289] Tainted: [W]=WARN [ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT) [ 31.745188] [ T2289] Call trace: [ 31.745191] [ T2289] show_stack+0x28/0x40 (C) [ 31.745199] [ T2289] dump_stack_lvl+0x4c/0x198 [ 31.745205] [ T2289] dump_stack+0x20/0x50 [ 31.745209] [ T2289] check_preemption_disabled+0xec/0xf0 [ 31.745213] [ T2289] debug_smp_processor_id+0x28/0x38 [ 31.745216] [ T2289] meson_ddr_pmu_create+0x200/0x560 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745237] [ T2289] g12_ddr_pmu_probe+0x20/0x38 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745246] [ T2289] platform_probe+0x98/0xe0 [ 31.745254] [ T2289] really_probe+0x144/0x3f8 [ 31.745258] [ T2289] __driver_probe_device+0xb8/0x180 [ 31.745261] [ T2289] driver_probe_device+0x54/0x268 [ 31.745264] [ T2289] __driver_attach+0x11c/0x288 [ 31.745267] [ T2289] bus_for_each_dev+0xfc/0x160 [ 31.745274] [ T2289] driver_attach+0x34/0x50 [ 31.745277] [ T2289] bus_add_driver+0x160/0x2b0 [ 31.745281] [ T2289] driver_register+0x78/0x120 [ 31.745285] [ T2289] __platform_driver_register+0x30/0x48 [ 31.745288] [ T2289] init_module+0x30/0xfe0 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745298] [ T2289] do_one_initcall+0x11c/0x438 [ 31.745303] [ T2289] do_init_module+0x68/0x228 [ 31.745311] [ T2289] load_module+0x118c/0x13a8 [ 31.745315] [ T2289] __arm64_sys_finit_module+0x274/0x390 [ 31.745320] [ T2289] invoke_syscall+0x74/0x108 [ 31.745326] [ T2289] el0_svc_common+0x90/0xf8 [ 31.745330] [ T2289] do_el0_svc+0x2c/0x48 [ 31.745333] [ T2289] el0_svc+0x60/0x150 [ 31.745337] [ T2289] el0t_64_sync_handler+0x80/0x118 [ 31.745341] [ T2289] el0t_64_sync+0x1b8/0x1c0 Changes replaces smp_processor_id() with raw_smp_processor_id() to ensure safe CPU ID retrieval in preemptible contexts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2026-03-17
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38295
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amlogic meson_ddr_pmu *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's Amlogic DDR PMU driver, specifically in the meson_ddr_pmu_create() function. The function incorrectly uses smp_processor_id(), which assumes that preemption is disabled. However, meson_ddr_pmu_create() can be called in a preemptible context, leading to kernel warnings and potential instability. The issue is fixed by replacing smp_processor_id() with raw_smp_processor_id(), which safely retrieves the CPU ID even when preemption is enabled.


How can this vulnerability impact me? :

This vulnerability can cause kernel warnings and potentially unstable behavior during module loading because the function meson_ddr_pmu_create() uses smp_processor_id() in a context where preemption is allowed. This misuse can lead to kernel warnings and stack traces, which may affect system stability or reliability on affected devices using the Amlogic DDR PMU driver.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the kernel logs for specific warnings related to the use of smp_processor_id() in a preemptible context. You can use the command `dmesg | grep smp_processor_id` or `journalctl -k | grep smp_processor_id` to look for kernel warnings and stack traces similar to those described in the vulnerability, such as messages containing 'BUG: using smp_processor_id() in preemptible' and call traces involving meson_ddr_pmu_create().


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version where the vulnerability is fixed by replacing smp_processor_id() with raw_smp_processor_id() in the meson_ddr_pmu_create() function. Until the update is applied, monitoring kernel logs for the warning and avoiding loading the affected module may help reduce impact.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart