Kernel Vulnerability in AMD CPUs Leading to System Failures
CVE-2025-38518

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-38518?

A vulnerability exists in the Linux kernel impacting AMD CPUs, particularly the Zen2 architecture. The issue stems from a misconfigured CPUID in certain AMD processors, leading to erroneous reporting of the INVLPGB bit. This misconfiguration can cause system oopses and panics when TLB (Translation Lookaside Buffer) flush operations are performed using INVLPGB, potentially destabilizing the system. The kernel has been updated to disable INVLPGB for affected processors to avoid confusion and enhance system stability.

Affected Version(s)

Linux 767ae437a32d644786c0779d0d54492ff9cbe574 < 357f121517924e3ec3021f9d0dd0189adcd09867

Linux 767ae437a32d644786c0779d0d54492ff9cbe574

Linux 6.15

References

https://git.kernel.org/stable/c/357f121517924e3ec3021f9d0...

https://git.kernel.org/stable/c/a74bb5f202dabddfea96abc13...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Apr 16, 2025