CVE-2025-38559
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-28
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.12 (inc) to 6.12.42 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.10 (exc) |
| linux | linux_kernel | From 6.16 (inc) to 6.16.1 (exc) |
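
To check a host against the ranges in the table above, the following added example (not part of the original advisory or of any kernel tooling) classifies a `uname -r` release string. The function names and status strings are hypothetical, and it assumes upstream version numbering, so a vendor build that falls inside a range still needs to be confirmed against the vendor's advisory.

```python
import platform
import re

# Affected upstream ranges from the table above: [first affected, first fixed).
AFFECTED_RANGES = [
    ((6, 12, 0), (6, 12, 42)),
    ((6, 13, 0), (6, 15, 10)),
    ((6, 16, 0), (6, 16, 1)),
]

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), suffix)."""
    match = _RELEASE_RE.match(release.strip())
    if match is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = match.groups()
    # A missing patch level ("6.16") is the .0 release.
    return (int(major), int(minor), int(patch or 0)), suffix


def check_release(release):
    """Classify a release string against the CVE-2025-38559 ranges."""
    version, suffix = parse_release(release)
    if not any(low <= version < high for low, high in AFFECTED_RANGES):
        return "outside-range"
    # Assumption: a suffix ("-27-generic", "-rc3") marks a vendor or
    # pre-release build; its version number alone does not show whether
    # the fix is present, so confirm with the vendor advisory.
    return "in-range-verify-build" if suffix else "in-range"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {check_release(running)}")
```
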
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the Linux kernel's intel_pmt_read() function related to platform/x86/intel/pmt. The function requires a pcidev pointer, but in some cases, this pointer is missing, causing a crash (NULL pointer exception) when the function is used for crashlog binary sysfs reading. The fix involves augmenting the intel_pmt_entry structure with a pointer to the pcidev to prevent this NULL pointer dereference.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference, leading to system instability or denial of service. Specifically, attempts to read certain telemetry or crashlog data via sysfs could trigger this kernel crash, potentially disrupting system operations.