FKIE_CVE-2025-38296

Vulnerability from fkie_nvd - Published: 2025-07-10 08:15 - Updated: 2025-11-19 20:42
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: ACPI: platform_profile: Avoid initializing on non-ACPI platforms The platform profile driver is loaded even on platforms that do not have ACPI enabled. The initialization of the sysfs entries was recently moved from platform_profile_register() to the module init call, and those entries need acpi_kobj to be initialized which is not the case when ACPI is disabled. This results in the following warning: WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 Modules linked in: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT Tainted: [W]=WARN Hardware name: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8 Call Trace: internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18 Fix this by checking if ACPI is enabled before trying to create sysfs entries. [ rjw: Subject and changelog edits ]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457Patch
Impacted products
Vendor Product Version
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59623E70-FBCF-4F5B-A3CE-07A4482CED29",
              "versionEndExcluding": "6.15.3",
              "versionStartIncluding": "6.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: platform_profile: Avoid initializing on non-ACPI platforms\n\nThe platform profile driver is loaded even on platforms that do not have\nACPI enabled. The initialization of the sysfs entries was recently moved\nfrom platform_profile_register() to the module init call, and those\nentries need acpi_kobj to be initialized which is not the case when ACPI\nis disabled.\n\nThis results in the following warning:\n\n WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8\n Modules linked in:\n CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W           6.15.0-rc7-dirty #6 PREEMPT\n Tainted: [W]=WARN\n Hardware name: riscv-virtio,qemu (DT)\n epc : internal_create_group+0xa22/0xdd8\n  ra : internal_create_group+0xa22/0xdd8\n\n Call Trace:\n\n internal_create_group+0xa22/0xdd8\n sysfs_create_group+0x22/0x2e\n platform_profile_init+0x74/0xb2\n do_one_initcall+0x198/0xa9e\n kernel_init_freeable+0x6d8/0x780\n kernel_init+0x28/0x24c\n ret_from_fork+0xe/0x18\n\nFix this by checking if ACPI is enabled before trying to create sysfs\nentries.\n\n[ rjw: Subject and changelog edits ]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: platform_profile: Evitar la inicializaci\u00f3n en plataformas sin ACPI. El controlador de perfil de plataforma se carga incluso en plataformas que no tienen ACPI habilitado. La inicializaci\u00f3n de las entradas sysfs se traslad\u00f3 recientemente de platform_profile_register() a la llamada init del m\u00f3dulo, y estas entradas requieren la inicializaci\u00f3n de acpi_kobj, lo cual no ocurre cuando ACPI est\u00e1 deshabilitado. Esto genera la siguiente advertencia: ADVERTENCIA: CPU: 5 PID: 1 en fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 M\u00f3dulos vinculados: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Contaminado: GW 6.15.0-rc7-dirty #6 PREEMPT Contaminado: [W]=WARN Nombre del hardware: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8 Rastreo de llamadas: internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18 Solucione esto comprobando si ACPI est\u00e1 habilitado antes de intentar crear entradas sysfs. [ rjw: Ediciones de asunto y registro de cambios ]"
    }
  ],
  "id": "CVE-2025-38296",
  "lastModified": "2025-11-19T20:42:58.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-10T08:15:28.277",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.