CVE-2025-38576
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple race conditions between the PCIe hotplug driver and the EEH driver in the Linux kernel. These race conditions can cause kernel oopses (crashes) during events such as PCIe device unplugging, EEH driver triggers, hotplug removal triggers, PCIe tree reconfiguration, and EEH recovery steps. Additionally, kernel oopses can occur if the underlying bus disappears during device recovery. The vulnerability was addressed by refactoring the EEH module to be safe for PCI rescan and removal, and by improving code formatting and readability.
How can this vulnerability impact me? :
This vulnerability can lead to kernel crashes (oopses) during PCIe device hotplug operations, which may cause system instability or downtime. Such instability can affect system reliability and availability, potentially disrupting services or operations that depend on the affected Linux kernel.