ghsa-fpw2-q5q5-h668
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
ACPI: platform_profile: Avoid initializing on non-ACPI platforms
The platform profile driver is loaded even on platforms that do not have ACPI enabled. The initialization of the sysfs entries was recently moved from platform_profile_register() to the module init call, and those entries need acpi_kobj to be initialized which is not the case when ACPI is disabled.
This results in the following warning:
WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 Modules linked in: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT Tainted: [W]=WARN Hardware name: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8
Call Trace:
internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18
Fix this by checking if ACPI is enabled before trying to create sysfs entries.
[ rjw: Subject and changelog edits ]
{
"affected": [],
"aliases": [
"CVE-2025-38296"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T08:15:28Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: platform_profile: Avoid initializing on non-ACPI platforms\n\nThe platform profile driver is loaded even on platforms that do not have\nACPI enabled. The initialization of the sysfs entries was recently moved\nfrom platform_profile_register() to the module init call, and those\nentries need acpi_kobj to be initialized which is not the case when ACPI\nis disabled.\n\nThis results in the following warning:\n\n WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8\n Modules linked in:\n CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT\n Tainted: [W]=WARN\n Hardware name: riscv-virtio,qemu (DT)\n epc : internal_create_group+0xa22/0xdd8\n ra : internal_create_group+0xa22/0xdd8\n\n Call Trace:\n\n internal_create_group+0xa22/0xdd8\n sysfs_create_group+0x22/0x2e\n platform_profile_init+0x74/0xb2\n do_one_initcall+0x198/0xa9e\n kernel_init_freeable+0x6d8/0x780\n kernel_init+0x28/0x24c\n ret_from_fork+0xe/0x18\n\nFix this by checking if ACPI is enabled before trying to create sysfs\nentries.\n\n[ rjw: Subject and changelog edits ]",
"id": "GHSA-fpw2-q5q5-h668",
"modified": "2025-07-10T09:32:30Z",
"published": "2025-07-10T09:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38296"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.