Kernel Vulnerability in Linux Affecting Aspeed LPC Snooper
CVE-2025-38487

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38487?

A vulnerability exists in the Linux kernel related to the Aspeed LPC Snooper driver, where channels that are not enabled may be incorrectly disabled. This could lead to a NULL pointer dereference when attempting to execute specific driver commands, resulting in a potential system crash. Erroneous calls during device removal processes could also exacerbate stability issues, especially in multi-threaded ARM environments. Regular updates and proper device management practices are essential to mitigate associated risks.

Affected Version(s)

Linux 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1

Linux 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1 < 329a80adc0e5f815d0514a6d403aaaf0995cd9be

Linux 9f4f9ae81d0affc182f54dd00285ddb90e0b3ae1

References

https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f...

https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d4...

https://git.kernel.org/stable/c/b361598b7352f02456619a610...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025