CVE-2025-38295 (GCVE-0-2025-38295)
Vulnerability from cvelistv5
Published
2025-07-10 07:42
Modified
2025-07-28 04:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()
The Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly uses
smp_processor_id(), which assumes disabled preemption. This leads to kernel
warnings during module loading because meson_ddr_pmu_create() can be called
in a preemptible context.
Following kernel warning and stack trace:
[ 31.745138] [ T2289] BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/2289
[ 31.745154] [ T2289] caller is debug_smp_processor_id+0x28/0x38
[ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0
[ 31.745181] [ T2289] Tainted: [W]=WARN
[ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT)
[ 31.745188] [ T2289] Call trace:
[ 31.745191] [ T2289] show_stack+0x28/0x40 (C)
[ 31.745199] [ T2289] dump_stack_lvl+0x4c/0x198
[ 31.745205] [ T2289] dump_stack+0x20/0x50
[ 31.745209] [ T2289] check_preemption_disabled+0xec/0xf0
[ 31.745213] [ T2289] debug_smp_processor_id+0x28/0x38
[ 31.745216] [ T2289] meson_ddr_pmu_create+0x200/0x560 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]
[ 31.745237] [ T2289] g12_ddr_pmu_probe+0x20/0x38 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]
[ 31.745246] [ T2289] platform_probe+0x98/0xe0
[ 31.745254] [ T2289] really_probe+0x144/0x3f8
[ 31.745258] [ T2289] __driver_probe_device+0xb8/0x180
[ 31.745261] [ T2289] driver_probe_device+0x54/0x268
[ 31.745264] [ T2289] __driver_attach+0x11c/0x288
[ 31.745267] [ T2289] bus_for_each_dev+0xfc/0x160
[ 31.745274] [ T2289] driver_attach+0x34/0x50
[ 31.745277] [ T2289] bus_add_driver+0x160/0x2b0
[ 31.745281] [ T2289] driver_register+0x78/0x120
[ 31.745285] [ T2289] __platform_driver_register+0x30/0x48
[ 31.745288] [ T2289] init_module+0x30/0xfe0 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]
[ 31.745298] [ T2289] do_one_initcall+0x11c/0x438
[ 31.745303] [ T2289] do_init_module+0x68/0x228
[ 31.745311] [ T2289] load_module+0x118c/0x13a8
[ 31.745315] [ T2289] __arm64_sys_finit_module+0x274/0x390
[ 31.745320] [ T2289] invoke_syscall+0x74/0x108
[ 31.745326] [ T2289] el0_svc_common+0x90/0xf8
[ 31.745330] [ T2289] do_el0_svc+0x2c/0x48
[ 31.745333] [ T2289] el0_svc+0x60/0x150
[ 31.745337] [ T2289] el0t_64_sync_handler+0x80/0x118
[ 31.745341] [ T2289] el0t_64_sync+0x1b8/0x1c0
Changes replaces smp_processor_id() with raw_smp_processor_id() to
ensure safe CPU ID retrieval in preemptible contexts.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/perf/amlogic/meson_ddr_pmu_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "77511c2d2d1cbce8d9b4f50849843dd469d14173",
"status": "affected",
"version": "2016e2113d35ba06866961a39e9a9c822f2ffabd",
"versionType": "git"
},
{
"lessThan": "b038ffbd49e41f99228dbb0c66d6dd7b20292884",
"status": "affected",
"version": "2016e2113d35ba06866961a39e9a9c822f2ffabd",
"versionType": "git"
},
{
"lessThan": "6f5f53048d3b761d694430632d3a03977273e987",
"status": "affected",
"version": "2016e2113d35ba06866961a39e9a9c822f2ffabd",
"versionType": "git"
},
{
"lessThan": "097469a2b0f12b91b4f27b9e9e4f2c46484cde30",
"status": "affected",
"version": "2016e2113d35ba06866961a39e9a9c822f2ffabd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/perf/amlogic/meson_ddr_pmu_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.94",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.34",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()\n\nThe Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly uses\nsmp_processor_id(), which assumes disabled preemption. This leads to kernel\nwarnings during module loading because meson_ddr_pmu_create() can be called\nin a preemptible context.\n\nFollowing kernel warning and stack trace:\n[ 31.745138] [ T2289] BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/2289\n[ 31.745154] [ T2289] caller is debug_smp_processor_id+0x28/0x38\n[ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0\n[ 31.745181] [ T2289] Tainted: [W]=WARN\n[ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[ 31.745188] [ T2289] Call trace:\n[ 31.745191] [ T2289] show_stack+0x28/0x40 (C)\n[ 31.745199] [ T2289] dump_stack_lvl+0x4c/0x198\n[ 31.745205] [ T2289] dump_stack+0x20/0x50\n[ 31.745209] [ T2289] check_preemption_disabled+0xec/0xf0\n[ 31.745213] [ T2289] debug_smp_processor_id+0x28/0x38\n[ 31.745216] [ T2289] meson_ddr_pmu_create+0x200/0x560 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\n[ 31.745237] [ T2289] g12_ddr_pmu_probe+0x20/0x38 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\n[ 31.745246] [ T2289] platform_probe+0x98/0xe0\n[ 31.745254] [ T2289] really_probe+0x144/0x3f8\n[ 31.745258] [ T2289] __driver_probe_device+0xb8/0x180\n[ 31.745261] [ T2289] driver_probe_device+0x54/0x268\n[ 31.745264] [ T2289] __driver_attach+0x11c/0x288\n[ 31.745267] [ T2289] bus_for_each_dev+0xfc/0x160\n[ 31.745274] [ T2289] driver_attach+0x34/0x50\n[ 31.745277] [ T2289] bus_add_driver+0x160/0x2b0\n[ 31.745281] [ T2289] driver_register+0x78/0x120\n[ 31.745285] [ T2289] __platform_driver_register+0x30/0x48\n[ 31.745288] [ T2289] init_module+0x30/0xfe0 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\n[ 31.745298] [ T2289] do_one_initcall+0x11c/0x438\n[ 31.745303] [ T2289] do_init_module+0x68/0x228\n[ 31.745311] [ T2289] load_module+0x118c/0x13a8\n[ 31.745315] [ T2289] __arm64_sys_finit_module+0x274/0x390\n[ 31.745320] [ T2289] invoke_syscall+0x74/0x108\n[ 31.745326] [ T2289] el0_svc_common+0x90/0xf8\n[ 31.745330] [ T2289] do_el0_svc+0x2c/0x48\n[ 31.745333] [ T2289] el0_svc+0x60/0x150\n[ 31.745337] [ T2289] el0t_64_sync_handler+0x80/0x118\n[ 31.745341] [ T2289] el0t_64_sync+0x1b8/0x1c0\n\nChanges replaces smp_processor_id() with raw_smp_processor_id() to\nensure safe CPU ID retrieval in preemptible contexts."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T04:17:47.042Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/77511c2d2d1cbce8d9b4f50849843dd469d14173"
},
{
"url": "https://git.kernel.org/stable/c/b038ffbd49e41f99228dbb0c66d6dd7b20292884"
},
{
"url": "https://git.kernel.org/stable/c/6f5f53048d3b761d694430632d3a03977273e987"
},
{
"url": "https://git.kernel.org/stable/c/097469a2b0f12b91b4f27b9e9e4f2c46484cde30"
}
],
"title": "perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38295",
"datePublished": "2025-07-10T07:42:09.521Z",
"dateReserved": "2025-04-16T04:51:24.001Z",
"dateUpdated": "2025-07-28T04:17:47.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38295\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-10T08:15:28.160\",\"lastModified\":\"2025-07-10T13:17:30.017\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()\\n\\nThe Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly uses\\nsmp_processor_id(), which assumes disabled preemption. This leads to kernel\\nwarnings during module loading because meson_ddr_pmu_create() can be called\\nin a preemptible context.\\n\\nFollowing kernel warning and stack trace:\\n[ 31.745138] [ T2289] BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/2289\\n[ 31.745154] [ T2289] caller is debug_smp_processor_id+0x28/0x38\\n[ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0\\n[ 31.745181] [ T2289] Tainted: [W]=WARN\\n[ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT)\\n[ 31.745188] [ T2289] Call trace:\\n[ 31.745191] [ T2289] show_stack+0x28/0x40 (C)\\n[ 31.745199] [ T2289] dump_stack_lvl+0x4c/0x198\\n[ 31.745205] [ T2289] dump_stack+0x20/0x50\\n[ 31.745209] [ T2289] check_preemption_disabled+0xec/0xf0\\n[ 31.745213] [ T2289] debug_smp_processor_id+0x28/0x38\\n[ 31.745216] [ T2289] meson_ddr_pmu_create+0x200/0x560 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\\n[ 31.745237] [ T2289] g12_ddr_pmu_probe+0x20/0x38 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\\n[ 31.745246] [ T2289] platform_probe+0x98/0xe0\\n[ 31.745254] [ T2289] really_probe+0x144/0x3f8\\n[ 31.745258] [ T2289] __driver_probe_device+0xb8/0x180\\n[ 31.745261] [ T2289] driver_probe_device+0x54/0x268\\n[ 31.745264] [ T2289] __driver_attach+0x11c/0x288\\n[ 31.745267] [ T2289] bus_for_each_dev+0xfc/0x160\\n[ 31.745274] [ T2289] driver_attach+0x34/0x50\\n[ 31.745277] [ T2289] bus_add_driver+0x160/0x2b0\\n[ 31.745281] [ T2289] driver_register+0x78/0x120\\n[ 31.745285] [ T2289] __platform_driver_register+0x30/0x48\\n[ 31.745288] [ T2289] init_module+0x30/0xfe0 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\\n[ 31.745298] [ T2289] do_one_initcall+0x11c/0x438\\n[ 31.745303] [ T2289] do_init_module+0x68/0x228\\n[ 31.745311] [ T2289] load_module+0x118c/0x13a8\\n[ 31.745315] [ T2289] __arm64_sys_finit_module+0x274/0x390\\n[ 31.745320] [ T2289] invoke_syscall+0x74/0x108\\n[ 31.745326] [ T2289] el0_svc_common+0x90/0xf8\\n[ 31.745330] [ T2289] do_el0_svc+0x2c/0x48\\n[ 31.745333] [ T2289] el0_svc+0x60/0x150\\n[ 31.745337] [ T2289] el0t_64_sync_handler+0x80/0x118\\n[ 31.745341] [ T2289] el0t_64_sync+0x1b8/0x1c0\\n\\nChanges replaces smp_processor_id() with raw_smp_processor_id() to\\nensure safe CPU ID retrieval in preemptible contexts.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/amlogic: Reemplazar smp_processor_id() por raw_smp_processor_id() en meson_ddr_pmu_create(). La funci\u00f3n meson_ddr_pmu_create() del controlador PMU DDR de Amlogic utiliza incorrectamente smp_processor_id(), que presupone la preempci\u00f3n deshabilitada. Esto genera advertencias del kernel durante la carga del m\u00f3dulo, ya que meson_ddr_pmu_create() puede invocarse en un contexto preemptible. Siguiente advertencia del kernel y seguimiento de la pila: [ 31.745138] [ T2289] ERROR: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/2289 [ 31.745154] [ T2289] caller is debug_smp_processor_id+0x28/0x38 [ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0 [ 31.745181] [ T2289] Tainted: [W]=WARN [ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT) [ 31.745188] [ T2289] Call trace: [ 31.745191] [ T2289] show_stack+0x28/0x40 (C) [ 31.745199] [ T2289] dump_stack_lvl+0x4c/0x198 [ 31.745205] [ T2289] dump_stack+0x20/0x50 [ 31.745209] [ T2289] check_preemption_disabled+0xec/0xf0 [ 31.745213] [ T2289] debug_smp_processor_id+0x28/0x38 [ 31.745216] [ T2289] meson_ddr_pmu_create+0x200/0x560 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745237] [ T2289] g12_ddr_pmu_probe+0x20/0x38 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745246] [ T2289] platform_probe+0x98/0xe0 [ 31.745254] [ T2289] really_probe+0x144/0x3f8 [ 31.745258] [ T2289] __driver_probe_device+0xb8/0x180 [ 31.745261] [ T2289] driver_probe_device+0x54/0x268 [ 31.745264] [ T2289] __driver_attach+0x11c/0x288 [ 31.745267] [ T2289] bus_for_each_dev+0xfc/0x160 [ 31.745274] [ T2289] driver_attach+0x34/0x50 [ 31.745277] [ T2289] bus_add_driver+0x160/0x2b0 [ 31.745281] [ T2289] driver_register+0x78/0x120 [ 31.745285] [ T2289] __platform_driver_register+0x30/0x48 [ 31.745288] [ T2289] init_module+0x30/0xfe0 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd] [ 31.745298] [ T2289] do_one_initcall+0x11c/0x438 [ 31.745303] [ T2289] do_init_module+0x68/0x228 [ 31.745311] [ T2289] load_module+0x118c/0x13a8 [ 31.745315] [ T2289] __arm64_sys_finit_module+0x274/0x390 [ 31.745320] [ T2289] invoke_syscall+0x74/0x108 [ 31.745326] [ T2289] el0_svc_common+0x90/0xf8 [ 31.745330] [ T2289] do_el0_svc+0x2c/0x48 [ 31.745333] [ T2289] el0_svc+0x60/0x150 [ 31.745337] [ T2289] el0t_64_sync_handler+0x80/0x118 [ 31.745341] [ T2289] el0t_64_sync+0x1b8/0x1c0 Los cambios reemplazan smp_processor_id() con raw_smp_processor_id() para garantizar la recuperaci\u00f3n segura de la ID de la CPU en contextos preemptibles.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/097469a2b0f12b91b4f27b9e9e4f2c46484cde30\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6f5f53048d3b761d694430632d3a03977273e987\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/77511c2d2d1cbce8d9b4f50849843dd469d14173\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b038ffbd49e41f99228dbb0c66d6dd7b20292884\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…