Linux Kernel Vulnerability in OCP Protocol Signal Handling
CVE-2025-38054
What is CVE-2025-38054?
A vulnerability in the Linux kernel's implementation of the OCP protocol allows uninitialized elements of the signal and frequency output arrays to be accessed. Reading those elements can cause NULL pointer dereferences, which crash the kernel (page_fault_oops). The patch limits the number of initialized elements in the freq_in[] and signal_out[] arrays to four and adjusts the summary output functions to guard against out-of-bounds access, so that only initialized elements are read.
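The pattern described above, as a simplified userspace model added here for illustration (it is not the kernel's code): a summary routine that walks every slot of a fixed four-entry pointer array, beside one bounded by a count of initialized slots. The struct layout, the `nr_signal_out` field, the function names and the sample values are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 4  /* the fix caps initialized elements at four */
struct sig_regs { unsigned period; };       /* hypothetical register block */
struct card {
    struct sig_regs *signal_out[MAX_SLOTS]; /* slots the board lacks stay NULL */
    unsigned char nr_signal_out;            /* hypothetical count of initialized slots */
};

/* Register only the generators the board provides, capped at MAX_SLOTS. */
void card_init(struct card *c, struct sig_regs *regs, unsigned available)
{
    memset(c, 0, sizeof(*c));
    if (available > MAX_SLOTS)
        available = MAX_SLOTS;
    for (unsigned i = 0; i < available; i++)
        c->signal_out[i] = &regs[i];
    c->nr_signal_out = (unsigned char)available;
}

/* Unguarded pattern: walks all MAX_SLOTS entries, so a NULL slot is dereferenced. */
int summary_unguarded(const struct card *c, FILE *out)
{
    int shown = 0;
    for (unsigned i = 0; i < MAX_SLOTS; i++)
        shown += fprintf(out, "GEN%u: period %u\n", i + 1, c->signal_out[i]->period) > 0;
    return shown;
}

/* Guarded pattern: bounded by the initialized count; NULL slots are skipped. */
int summary_guarded(const struct card *c, FILE *out)
{
    unsigned n = c->nr_signal_out < MAX_SLOTS ? c->nr_signal_out : MAX_SLOTS;
    int shown = 0;
    for (unsigned i = 0; i < n; i++)
        if (c->signal_out[i])
            shown += fprintf(out, "GEN%u: period %u\n", i + 1, c->signal_out[i]->period) > 0;
    return shown;
}

int main(void)
{
    struct sig_regs regs[MAX_SLOTS] = {{10}, {20}, {30}, {40}}; /* constructed values */
    struct card c;
    card_init(&c, regs, 2);  /* board with two of four generators */
    return summary_guarded(&c, stdout) == 2 ? 0 : 1;
}
```

The guarded routine clamps the count and checks each pointer, so it stays safe even if the count field itself is wrong.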
Affected Version(s)
Linux ef61f5528fca6c3bbb2f8bc002fd1949c9d1f9b9 < 0b7d3e782027ac3b6fec56159e8e348042000aef
Linux ef61f5528fca6c3bbb2f8bc002fd1949c9d1f9b9
Linux ef61f5528fca6c3bbb2f8bc002fd1949c9d1f9b9