CVE-2025-38252
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/07/2025
Last modified:
10/07/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
cxl/ras: Fix CPER handler device confusion<br />
<br />
By inspection, cxl_cper_handle_prot_err() is making a series of fragile<br />
assumptions that can lead to crashes:<br />
<br />
1/ It assumes that endpoints identified in the record are a CXL-type-3<br />
device, nothing guarantees that.<br />
<br />
2/ It assumes that the device is bound to the cxl_pci driver, nothing<br />
guarantees that.<br />
<br />
3/ Minor, it holds the device lock over the switch-port tracing for no<br />
reason as the trace is 100% generated from data in the record.<br />
<br />
Correct those by checking that the PCIe endpoint parents a cxl_memdev<br />
before assuming the format of the driver data, and move the lock to where<br />
it is required. Consequently this also makes the implementation ready for<br />
CXL accelerators that are not bound to cxl_pci.