CVE-2025-38252

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/07/2025
Last modified:
10/07/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

cxl/ras: Fix CPER handler device confusion

By inspection, cxl_cper_handle_prot_err() is making a series of fragile assumptions that can lead to crashes:

1/ It assumes that endpoints identified in the record are a CXL-type-3 device, nothing guarantees that.

2/ It assumes that the device is bound to the cxl_pci driver, nothing guarantees that.

3/ Minor, it holds the device lock over the switch-port tracing for no reason as the trace is 100% generated from data in the record.

Correct those by checking that the PCIe endpoint parents a cxl_memdev before assuming the format of the driver data, and move the lock to where it is required. Consequently this also makes the implementation ready for CXL accelerators that are not bound to cxl_pci.

Impact