CXL-type-3 Device Vulnerability in Linux Kernel
CVE-2025-38252

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 9 July 2025

What is CVE-2025-38252?

A vulnerability in the Linux kernel's handling of CXL-type-3 devices stems from fragile assumptions in the cxl_cper_handle_prot_err() function. The function incorrectly assumes that the endpoints identified in the record are CXL-type-3 devices and that they are bound to the cxl_pci driver. It also holds the device lock unnecessarily during the switch-port tracing. These flaws may lead to system crashes, compromising system stability. The remediation strengthens the checks so that the PCIe endpoint is confirmed to be associated with a cxl_memdev before any such assumption is made, making the kernel more resilient to faulty driver assumptions.
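The pattern described above, modelled in userspace C as an added example (not the kernel's code or the upstream patch): the fragile handler interprets driver data on trust, while the checked handler first confirms that the endpoint parents a memdev. All types, names and values below are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model with hypothetical types; not the kernel's structures. */
struct device {
    const char *driver;          /* bound driver name, NULL when unbound */
    void *drvdata;               /* layout is defined by the bound driver */
};
struct memdev {                  /* stands in for a cxl_memdev */
    const struct device *parent; /* PCIe endpoint that parents it */
    unsigned long serial;
};

static struct memdev *registry[8]; /* stands in for a bus lookup */
static size_t registry_len;

/* Fragile form: trusts that drvdata has the expected layout. */
static unsigned long handle_err_fragile(const struct device *ep)
{
    const struct memdev *md = ep->drvdata; /* unchecked assumption */
    return md->serial;                     /* faults or reads garbage if wrong */
}

/* Checked form: returns 0 and sets *serial, or -1 when the record is skipped. */
static int handle_err_checked(const struct device *ep, unsigned long *serial)
{
    for (size_t i = 0; ep && i < registry_len; i++) {
        if (registry[i]->parent == ep) {   /* endpoint parents a memdev */
            *serial = registry[i]->serial;
            return 0;
        }
    }
    return -1; /* unknown endpoint: drvdata is never interpreted */
}

int main(void)
{
    /* Constructed sample devices. */
    struct device good = { "cxl_pci_model", NULL }, unbound = { NULL, NULL };
    struct memdev md = { &good, 42 };
    unsigned long s = 0;

    good.drvdata = &md;
    registry[registry_len++] = &md;
    printf("fragile(good)=%lu\n", handle_err_fragile(&good));
    printf("checked(good)=%d checked(unbound)=%d\n",
           handle_err_checked(&good, &s), handle_err_checked(&unbound, &s));
    return 0;
}
```

The fragile handler is only ever called on the well-formed device here; passing it the unbound endpoint would dereference a NULL pointer, which is the crash class the description refers to.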

Affected Version(s)

Linux 36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c < 4bcb8dd36e9e3fad6c22862ac5b6993df838309b

Linux 36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c < 3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
