{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38559", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.025Z", "datePublished": "2025-08-19T17:02:37.020Z", "dateUpdated": "2025-09-29T05:53:46.873Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-29T05:53:46.873Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\n\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\ncurrent use of the endpoint value is only valid for telemetry endpoint\nusage.\n\nWithout the ep, the crashlog usage causes the following NULL pointer\nexception:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\nCode:\nCall Trace:\n <TASK>\n ? sysfs_kf_bin_read+0xc0/0xe0\n kernfs_fop_read_iter+0xac/0x1a0\n vfs_read+0x26d/0x350\n ksys_read+0x6b/0xe0\n __x64_sys_read+0x1d/0x30\n x64_sys_call+0x1bc8/0x1d70\n do_syscall_64+0x6d/0x110\n\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\nthe NULL pointer exception."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/intel/pmt/class.c", "drivers/platform/x86/intel/pmt/class.h"], "versions": [{"version": "045a513040cc0242d364c05c3791594e2294f32d", "lessThan": "860d93bd6a21f08883711196344c353bc3936a2b", "status": "affected", "versionType": "git"}, {"version": "045a513040cc0242d364c05c3791594e2294f32d", "lessThan": "18d53b543b5447478e259c96ca4688393f327c98", "status": "affected", "versionType": "git"}, {"version": "045a513040cc0242d364c05c3791594e2294f32d", "lessThan": "089d05266b2caf020ac2ae2cd2be78f580268f5d", "status": "affected", "versionType": "git"}, {"version": "045a513040cc0242d364c05c3791594e2294f32d", "lessThan": "54d5cd4719c5e87f33d271c9ac2e393147d934f8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/intel/pmt/class.c", "drivers/platform/x86/intel/pmt/class.h"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.42", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.10", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.1", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.42"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.15.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.16.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/860d93bd6a21f08883711196344c353bc3936a2b"}, {"url": "https://git.kernel.org/stable/c/18d53b543b5447478e259c96ca4688393f327c98"}, {"url": "https://git.kernel.org/stable/c/089d05266b2caf020ac2ae2cd2be78f580268f5d"}, {"url": "https://git.kernel.org/stable/c/54d5cd4719c5e87f33d271c9ac2e393147d934f8"}], "title": "platform/x86/intel/pmt: fix a crashlog NULL pointer access", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FC3F76F-C8CF-4B19-AC3D-AA1AE05558D7", "versionEndExcluding": "6.12.42", "versionStartIncluding": "6.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5890C690-B295-40C2-9121-FF5F987E5142", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58182352-D7DF-4CC9-841E-03C1D852C3FB", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmt: fix a crashlog NULL pointer access\n\nUsage of the intel_pmt_read() for binary sysfs, requires a pcidev. The\ncurrent use of the endpoint value is only valid for telemetry endpoint\nusage.\n\nWithout the ep, the crashlog usage causes the following NULL pointer\nexception:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]\nCode:\nCall Trace:\n <TASK>\n ? sysfs_kf_bin_read+0xc0/0xe0\n kernfs_fop_read_iter+0xac/0x1a0\n vfs_read+0x26d/0x350\n ksys_read+0x6b/0xe0\n __x64_sys_read+0x1d/0x30\n x64_sys_call+0x1bc8/0x1d70\n do_syscall_64+0x6d/0x110\n\nAugment struct intel_pmt_entry with a pointer to the pcidev to avoid\nthe NULL pointer exception."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86/intel/pmt: correcci\u00f3n de un acceso a puntero nulo en el registro de fallos. El uso de intel_pmt_read() para sistemas binarios sysfs requiere un pcidev. El uso actual del valor del endpoint solo es v\u00e1lido para el uso de endpoints de telemetr\u00eda. Sin el ep, el uso del registro de fallos provoca la siguiente excepci\u00f3n de puntero nulo: ERROR: desreferencia de puntero nulo del kernel, direcci\u00f3n: 0000000000000000 \u00a1Uy!: \u00a1Uy!: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] C\u00f3digo: Seguimiento de llamadas: ? Aumente la estructura intel_pmt_entry con un puntero a pcidev para evitar la excepci\u00f3n del puntero NULL."}], "id": "CVE-2025-38559", "lastModified": "2025-11-28T14:42:44.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-19T17:15:32.233", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/089d05266b2caf020ac2ae2cd2be78f580268f5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/18d53b543b5447478e259c96ca4688393f327c98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/54d5cd4719c5e87f33d271c9ac2e393147d934f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/860d93bd6a21f08883711196344c353bc3936a2b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: platform/x86/intel/pmt: fix a crashlog NULL pointer access", "id": "2389498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389498"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-38559", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38559\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38559\nhttps://lore.kernel.org/linux-cve-announce/2025081906-CVE-2025-38559-9fa1@gregkh/T"], "threat_severity": "Moderate"}