CVE-2025-38296
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ACPI: platform_profile: Avoid initializing on non-ACPI platforms The platform profile driver is loaded even on platforms that do not have ACPI enabled. The initialization of the sysfs entries was recently moved from platform_profile_register() to the module init call, and those entries need acpi_kobj to be initialized which is not the case when ACPI is disabled. This results in the following warning: WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 Modules linked in: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT Tainted: [W]=WARN Hardware name: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8 Call Trace: internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18 Fix this by checking if ACPI is enabled before trying to create sysfs entries. [ rjw: Subject and changelog edits ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2025-11-19
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38296
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's platform_profile driver, which is loaded even on systems without ACPI enabled. The driver attempts to initialize sysfs entries that require ACPI to be active, but since ACPI is disabled, this leads to a warning and improper initialization. The issue arises because the initialization was moved to the module init call without checking if ACPI is enabled first. The fix involves verifying ACPI status before creating these sysfs entries.


How can this vulnerability impact me? :

The vulnerability can cause warnings and potential instability during system initialization on platforms without ACPI enabled. It may lead to improper sysfs entry creation, which could affect system behavior or debugging processes, but there is no indication of direct security compromise or data loss.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the specific kernel warning message related to ACPI platform_profile initialization failure. You can look for the warning in the system logs using commands such as: dmesg | grep 'WARNING: CPU' or journalctl -k | grep 'internal_create_group'. These commands help identify the warning generated by the improper initialization of sysfs entries when ACPI is disabled.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the Linux kernel is updated to a version where the fix is applied, which includes checking if ACPI is enabled before initializing the platform_profile sysfs entries. If updating immediately is not possible, monitor system logs for the warning and avoid running the platform_profile driver on non-ACPI platforms.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart