ghsa-r9h8-qv2j-9qwp
Vulnerability from github
Published
2025-07-09 12:31
Modified
2025-07-09 12:31
Details

In the Linux kernel, the following vulnerability has been resolved:

cxl/ras: Fix CPER handler device confusion

By inspection, cxl_cper_handle_prot_err() is making a series of fragile assumptions that can lead to crashes:

1/ It assumes that endpoints identified in the record are a CXL-type-3 device, nothing guarantees that.

2/ It assumes that the device is bound to the cxl_pci driver, nothing guarantees that.

3/ Minor, it holds the device lock over the switch-port tracing for no reason as the trace is 100% generated from data in the record.

Correct those by checking that the PCIe endpoint parents a cxl_memdev before assuming the format of the driver data, and move the lock to where it is required. Consequently this also makes the implementation ready for CXL accelerators that are not bound to cxl_pci.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-38252"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-09T11:15:27Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/ras: Fix CPER handler device confusion\n\nBy inspection, cxl_cper_handle_prot_err() is making a series of fragile\nassumptions that can lead to crashes:\n\n1/ It assumes that endpoints identified in the record are a CXL-type-3\n   device, nothing guarantees that.\n\n2/ It assumes that the device is bound to the cxl_pci driver, nothing\n   guarantees that.\n\n3/ Minor, it holds the device lock over the switch-port tracing for no\n   reason as the trace is 100% generated from data in the record.\n\nCorrect those by checking that the PCIe endpoint parents a cxl_memdev\nbefore assuming the format of the driver data, and move the lock to where\nit is required. Consequently this also makes the implementation ready for\nCXL accelerators that are not bound to cxl_pci.",
  "id": "GHSA-r9h8-qv2j-9qwp",
  "modified": "2025-07-09T12:31:35Z",
  "published": "2025-07-09T12:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38252"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4bcb8dd36e9e3fad6c22862ac5b6993df838309b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.