CVE-2025-38559

MEDIUM

Linux Kernel 6.12-6.12.41, 6.13-6.15.9, 6.16 - NULL Pointer Dereference in Intel PMT Crashlog Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] Code: Call Trace: <TASK> ? sysfs_kf_bin_read+0xc0/0xe0 kernfs_fop_read_iter+0xac/0x1a0 vfs_read+0x26d/0x350 ksys_read+0x6b/0xe0 __x64_sys_read+0x1d/0x30 x64_sys_call+0x1bc8/0x1d70 do_syscall_64+0x6d/0x110 Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception.

References (4)

Core 4

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 4.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (14)
linux/Kernel 6.12.0 - 6.12.42linux
linux/Kernel 6.13.0 - 6.15.10linux
linux/Kernel 6.16.0 - 6.16.1linux
Linux/Linux < 6.12
Linux/Linux 045a513040cc0242d364c05c3791594e2294f32d - 089d05266b2caf020ac2ae2cd2be78f580268f5d
Linux/Linux 045a513040cc0242d364c05c3791594e2294f32d - 18d53b543b5447478e259c96ca4688393f327c98
Linux/Linux 045a513040cc0242d364c05c3791594e2294f32d - 54d5cd4719c5e87f33d271c9ac2e393147d934f8
Linux/Linux 045a513040cc0242d364c05c3791594e2294f32d - 860d93bd6a21f08883711196344c353bc3936a2b
Linux/Linux 6.12
Linux/Linux 6.12.42 - 6.12.*
... and 4 more
Published Aug 19, 2025
Tracked Since Feb 18, 2026