fkie_nvd - fkie_cve-2025-38576

FKIE_CVE-2025-38576

Vulnerability from fkie_nvd - Published: 2025-08-19 17:15 - Updated: 2025-11-03 18:16

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: <pcie device unplug> <eeh driver trigger> <hotplug removal trigger> <pcie tree reconfiguration> <eeh recovery next step> <oops in EEH driver bus iteration loop> A second class of oops is also seen when the underlying bus disappears during device recovery. Refactor the EEH module to be PCI rescan and remove safe. Also clean up a few minor formatting / readability issues.

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1010b4c012b0d78dfb9d3132b49aa2ef024a07a7
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/19d5036e7ad766cf212aebec23b9f1d7924a62bc
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/502f08831a9afb72dc98a56ae6504da43e93b250
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/59c6d3d81d42bf543c90597b4f38c53d6874c5a1
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a426e8a6ae161f51888585b065db0f8f93ab2e16
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d2c60a8a387e9fcc28447ef36c03f8e49fd052a6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f56e004b781719d8fdf6c9619b15caf2579bc1f2
	af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: Make EEH driver device hotplug safe\n\nMultiple race conditions existed between the PCIe hotplug driver and the\nEEH driver, leading to a variety of kernel oopses of the same general\nnature:\n\n\u003cpcie device unplug\u003e\n\u003ceeh driver trigger\u003e\n\u003chotplug removal trigger\u003e\n\u003cpcie tree reconfiguration\u003e\n\u003ceeh recovery next step\u003e\n\u003coops in EEH driver bus iteration loop\u003e\n\nA second class of oops is also seen when the underlying bus disappears\nduring device recovery.\n\nRefactor the EEH module to be PCI rescan and remove safe.  Also clean\nup a few minor formatting / readability issues."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/eeh: Hacer que el dispositivo del controlador EEH sea seguro para la conexi\u00f3n en caliente. Exist\u00edan m\u00faltiples condiciones de ejecuci\u00f3n entre el controlador PCIe de conexi\u00f3n en caliente y el controlador EEH, lo que provocaba diversos errores del kernel de la misma naturaleza general:      . Tambi\u00e9n se observa un segundo tipo de error cuando el bus subyacente desaparece durante la recuperaci\u00f3n del dispositivo. Refactorice el m\u00f3dulo EEH para que sea seguro para la reexploraci\u00f3n y la extracci\u00f3n de PCI. Tambi\u00e9n corrija algunos problemas menores de formato y legibilidad."
    }
  ],
  "id": "CVE-2025-38576",
  "lastModified": "2025-11-03T18:16:30.060",
  "metrics": {},
  "published": "2025-08-19T17:15:34.573",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1010b4c012b0d78dfb9d3132b49aa2ef024a07a7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/19d5036e7ad766cf212aebec23b9f1d7924a62bc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/502f08831a9afb72dc98a56ae6504da43e93b250"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/59c6d3d81d42bf543c90597b4f38c53d6874c5a1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a426e8a6ae161f51888585b065db0f8f93ab2e16"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d2c60a8a387e9fcc28447ef36c03f8e49fd052a6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f56e004b781719d8fdf6c9619b15caf2579bc1f2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-38576 (GCVE-0-2025-38576)

Vulnerability from cvelistv5 – Published: 2025-08-19 17:02 – Updated: 2025-11-03 17:40

Summary

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/502f08831a9afb72d…
	https://git.kernel.org/stable/c/f56e004b781719d8f…
	https://git.kernel.org/stable/c/59c6d3d81d42bf543…
	https://git.kernel.org/stable/c/a426e8a6ae161f518…
	https://git.kernel.org/stable/c/d2c60a8a387e9fcc2…
	https://git.kernel.org/stable/c/d42bbd8f30ac38b1c…
	https://git.kernel.org/stable/c/19d5036e7ad766cf2…
	https://git.kernel.org/stable/c/1010b4c012b0d78df…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 502f08831a9afb72dc98a56ae6504da43e93b250 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f56e004b781719d8fdf6c9619b15caf2579bc1f2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 59c6d3d81d42bf543c90597b4f38c53d6874c5a1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a426e8a6ae161f51888585b065db0f8f93ab2e16 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d2c60a8a387e9fcc28447ef36c03f8e49fd052a6 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 19d5036e7ad766cf212aebec23b9f1d7924a62bc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1010b4c012b0d78dfb9d3132b49aa2ef024a07a7 (git)

Linux

Unaffected: 5.10.241 , ≤ 5.10.* (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.1.148 , ≤ 6.1.* (semver)
Unaffected: 6.6.102 , ≤ 6.6.* (semver)
Unaffected: 6.12.42 , ≤ 6.12.* (semver)
Unaffected: 6.15.10 , ≤ 6.15.* (semver)
Unaffected: 6.16.1 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:03.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/kernel/eeh_driver.c",
            "arch/powerpc/kernel/eeh_pe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "502f08831a9afb72dc98a56ae6504da43e93b250",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f56e004b781719d8fdf6c9619b15caf2579bc1f2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "59c6d3d81d42bf543c90597b4f38c53d6874c5a1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a426e8a6ae161f51888585b065db0f8f93ab2e16",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d2c60a8a387e9fcc28447ef36c03f8e49fd052a6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "19d5036e7ad766cf212aebec23b9f1d7924a62bc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1010b4c012b0d78dfb9d3132b49aa2ef024a07a7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/kernel/eeh_driver.c",
            "arch/powerpc/kernel/eeh_pe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: Make EEH driver device hotplug safe\n\nMultiple race conditions existed between the PCIe hotplug driver and the\nEEH driver, leading to a variety of kernel oopses of the same general\nnature:\n\n\u003cpcie device unplug\u003e\n\u003ceeh driver trigger\u003e\n\u003chotplug removal trigger\u003e\n\u003cpcie tree reconfiguration\u003e\n\u003ceeh recovery next step\u003e\n\u003coops in EEH driver bus iteration loop\u003e\n\nA second class of oops is also seen when the underlying bus disappears\nduring device recovery.\n\nRefactor the EEH module to be PCI rescan and remove safe.  Also clean\nup a few minor formatting / readability issues."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:54:06.789Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/502f08831a9afb72dc98a56ae6504da43e93b250"
        },
        {
          "url": "https://git.kernel.org/stable/c/f56e004b781719d8fdf6c9619b15caf2579bc1f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/59c6d3d81d42bf543c90597b4f38c53d6874c5a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a426e8a6ae161f51888585b065db0f8f93ab2e16"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2c60a8a387e9fcc28447ef36c03f8e49fd052a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25"
        },
        {
          "url": "https://git.kernel.org/stable/c/19d5036e7ad766cf212aebec23b9f1d7924a62bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/1010b4c012b0d78dfb9d3132b49aa2ef024a07a7"
        }
      ],
      "title": "powerpc/eeh: Make EEH driver device hotplug safe",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38576",
    "datePublished": "2025-08-19T17:02:59.623Z",
    "dateReserved": "2025-04-16T04:51:24.025Z",
    "dateUpdated": "2025-11-03T17:40:03.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-38576

CVE-2025-38576 (GCVE-0-2025-38576)

Tags

Sightings

Nomenclature