Vulnerability in Linux Kernel Affecting Supermicro Super Server Products
CVE-2025-39936
What is CVE-2025-39936?
The vulnerability is in the Linux kernel's crypto ccp component: a NULL pointer passed during the shutdown of SEV/SNP functions can crash the system. It is triggered when the __sev_firmware_shutdown function calls __sev_platform_shutdown_locked with a NULL argument, resulting in a NULL pointer dereference. Recent updates overlooked proper error handling on this path, which is a significant concern for service reliability during suspend operations. Enhanced error reporting in the driver can help mitigate future occurrences and improve stability.
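The failure pattern described above, as an added example: this is a user-space C model, not kernel source and not code from this page. The function names, the stand-in firmware call and the status values are all constructed, and the model assumes the dereference happens where the callee reports the firmware error code.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for a firmware command that may fail. */
static int fake_fw_cmd(int fail, int *fw_err)
{
    if (fw_err)
        *fw_err = fail ? 0x13 : 0;   /* constructed status code */
    return fail ? -5 : 0;            /* constructed return code */
}

/* Before: the error report reads *error unconditionally, so a caller
 * that passes NULL crashes, but only when the command fails. */
int shutdown_unchecked(int fail, int *error)
{
    int ret = fake_fw_cmd(fail, error);
    if (ret) {
        fprintf(stderr, "shutdown failed: fw error %#x, rc %d\n",
                (unsigned)*error, ret);
        return ret;
    }
    return 0;
}

/* Callee-side hardening: redirect a NULL out-parameter to a local. */
int shutdown_checked(int fail, int *error)
{
    int local = 0;
    if (!error)
        error = &local;
    return shutdown_unchecked(fail, error);
}

/* Caller-side hardening: always hand the callee a real pointer. */
int firmware_shutdown(int fail)
{
    int error = 0;
    return shutdown_unchecked(fail, &error);
}

int main(void)
{
    printf("checked, NULL arg, failing cmd: rc=%d\n", shutdown_checked(1, NULL));
    printf("caller passes &error, failing cmd: rc=%d\n", firmware_shutdown(1));
    return 0;
}
```

Because the unchecked form only faults when the command fails, a test that exercises just the success path will not expose it; cover the failure path with a NULL argument when reviewing similar out-parameter code.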
Affected Version(s)
Linux 9770b428b1a28360663f1f5e524ee458b4cf454b
Linux 9770b428b1a28360663f1f5e524ee458b4cf454b < 46834d90a9a13549264b9581067d8f746b4b36cc
Linux 6.16