CVE-2025-38252 (GCVE-0-2025-38252)
Vulnerability from cvelistv5
Published: 2025-07-09 10:42
Modified: 2025-07-28 04:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:

cxl/ras: Fix CPER handler device confusion

By inspection, cxl_cper_handle_prot_err() is making a series of fragile assumptions that can lead to crashes:

1/ It assumes that endpoints identified in the record are a CXL-type-3 device, nothing guarantees that.

2/ It assumes that the device is bound to the cxl_pci driver, nothing guarantees that.

3/ Minor, it holds the device lock over the switch-port tracing for no reason as the trace is 100% generated from data in the record.

Correct those by checking that the PCIe endpoint parents a cxl_memdev before assuming the format of the driver data, and move the lock to where it is required. Consequently this also makes the implementation ready for CXL accelerators that are not bound to cxl_pci.

Impacted products
Vendor: Linux
Product: Linux
Version: 36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c
Version: 36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/cxl/core/ras.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4bcb8dd36e9e3fad6c22862ac5b6993df838309b",
              "status": "affected",
              "version": "36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c",
              "versionType": "git"
            },
            {
              "lessThan": "3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8",
              "status": "affected",
              "version": "36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/cxl/core/ras.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.5",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/ras: Fix CPER handler device confusion\n\nBy inspection, cxl_cper_handle_prot_err() is making a series of fragile\nassumptions that can lead to crashes:\n\n1/ It assumes that endpoints identified in the record are a CXL-type-3\n   device, nothing guarantees that.\n\n2/ It assumes that the device is bound to the cxl_pci driver, nothing\n   guarantees that.\n\n3/ Minor, it holds the device lock over the switch-port tracing for no\n   reason as the trace is 100% generated from data in the record.\n\nCorrect those by checking that the PCIe endpoint parents a cxl_memdev\nbefore assuming the format of the driver data, and move the lock to where\nit is required. Consequently this also makes the implementation ready for\nCXL accelerators that are not bound to cxl_pci."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:16:15.177Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4bcb8dd36e9e3fad6c22862ac5b6993df838309b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8"
        }
      ],
      "title": "cxl/ras: Fix CPER handler device confusion",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38252",
    "datePublished": "2025-07-09T10:42:31.477Z",
    "dateReserved": "2025-04-16T04:51:23.997Z",
    "dateUpdated": "2025-07-28T04:16:15.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38252\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-09T11:15:27.430\",\"lastModified\":\"2025-07-10T13:17:30.017\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncxl/ras: Fix CPER handler device confusion\\n\\nBy inspection, cxl_cper_handle_prot_err() is making a series of fragile\\nassumptions that can lead to crashes:\\n\\n1/ It assumes that endpoints identified in the record are a CXL-type-3\\n   device, nothing guarantees that.\\n\\n2/ It assumes that the device is bound to the cxl_pci driver, nothing\\n   guarantees that.\\n\\n3/ Minor, it holds the device lock over the switch-port tracing for no\\n   reason as the trace is 100% generated from data in the record.\\n\\nCorrect those by checking that the PCIe endpoint parents a cxl_memdev\\nbefore assuming the format of the driver data, and move the lock to where\\nit is required. Consequently this also makes the implementation ready for\\nCXL accelerators that are not bound to cxl_pci.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/ras: Corregir confusi\u00f3n de dispositivo del controlador CPER Por inspecci\u00f3n, cxl_cper_handle_prot_err() est\u00e1 haciendo una serie de suposiciones fr\u00e1giles que pueden llevar a ca\u00eddas: 1/ Supone que los endpoints identificados en el registro son un dispositivo CXL-type-3, nada lo garantiza. 2/ Supone que el dispositivo est\u00e1 enlazado al controlador cxl_pci, nada lo garantiza. 3/ Leve, mantiene el bloqueo del dispositivo sobre el seguimiento del puerto del conmutador sin ninguna raz\u00f3n ya que el seguimiento se genera 100% a partir de los datos en el registro. Corrija aquellos comprobando que el endpoint PCIe engendre un cxl_memdev antes de asumir el formato de los datos del controlador y mueva el bloqueo a donde se requiere. En consecuencia, esto tambi\u00e9n hace que la implementaci\u00f3n est\u00e9 lista para aceleradores CXL que no est\u00e1n enlazados a cxl_pci.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4bcb8dd36e9e3fad6c22862ac5b6993df838309b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

