CVE-2025-38296 – Linux Kernel ACPI Platform Profile Driver Initialization Vulnerability

The following table lists the changes that have been made to the
CVE-2025-38296 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 10, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    ACPI: platform_profile: Avoid initializing on non-ACPI platforms

    The platform profile driver is loaded even on platforms that do not have
    ACPI enabled. The initialization of the sysfs entries was recently moved
    from platform_profile_register() to the module init call, and those
    entries need acpi_kobj to be initialized which is not the case when ACPI
    is disabled.

    This results in the following warning:

    WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8
    Modules linked in:
    CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT
    Tainted: [W]=WARN
    Hardware name: riscv-virtio,qemu (DT)
    epc : internal_create_group+0xa22/0xdd8
    ra : internal_create_group+0xa22/0xdd8

    Call Trace:

    internal_create_group+0xa22/0xdd8
    sysfs_create_group+0x22/0x2e
    platform_profile_init+0x74/0xb2
    do_one_initcall+0x198/0xa9e
    kernel_init_freeable+0x6d8/0x780
    kernel_init+0x28/0x24c
    ret_from_fork+0xe/0x18

    Fix this by checking if ACPI is enabled before trying to create sysfs
    entries.

    [ rjw: Subject and changelog edits ]

    Added Reference https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457
    Added Reference https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457
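
A triage check for the warning quoted above, as an added example that is not part of the CVE record or the kernel source: it parses a kernel log into WARNING records and flags only those whose call trace reaches `sysfs_create_group` from `platform_profile_init`. The function names `parse_warnings` and `matches_cve_2025_38296`, the timestamps and the second (`example_driver_init`) warning are constructed for illustration.

```python
import re

# Constructed sample: the warning from the CVE description with dmesg-style
# timestamps added, followed by an unrelated sysfs warning for contrast.
SAMPLE_LOG = """\
[    0.512] WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8
[    0.512] Call Trace:
[    0.512]  internal_create_group+0xa22/0xdd8
[    0.512]  sysfs_create_group+0x22/0x2e
[    0.512]  platform_profile_init+0x74/0xb2
[    0.512]  do_one_initcall+0x198/0xa9e
[    0.513] WARNING: CPU: 0 PID: 7 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8
[    0.513] Call Trace:
[    0.513]  internal_create_group+0xa22/0xdd8
[    0.513]  sysfs_create_group+0x22/0x2e
[    0.513]  example_driver_init+0x10/0x40
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp prefix
WARN = re.compile(r"WARNING: .* at (\S+?):\d+ (\w+)\+0x")
FRAME = re.compile(r"^\s*(?:\[<[0-9a-f]+>\]\s*)?\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_warnings(log):
    """Split a kernel log into WARNING records: source file, function, call trace."""
    records, cur, in_trace = [], None, False
    for raw in log.splitlines():
        line = TS.sub("", raw)
        m = WARN.search(line)
        if m:
            cur = {"file": m.group(1), "func": m.group(2), "trace": []}
            records.append(cur)
            in_trace = False
        elif cur is not None and line.strip().startswith("Call Trace"):
            in_trace = True
        elif cur is not None and in_trace:
            f = FRAME.match(line)
            if f:
                cur["trace"].append(f.group(1))
            elif line.strip():
                in_trace = False  # first non-blank, non-frame line ends the trace
    return records

def matches_cve_2025_38296(rec):
    """True when the sysfs group WARN was reached from platform_profile_init."""
    t = rec["trace"]
    return (rec["file"] == "fs/sysfs/group.c"
            and "sysfs_create_group" in t and "platform_profile_init" in t
            and t.index("sysfs_create_group") < t.index("platform_profile_init"))
```

A match means the running kernel loaded the platform profile driver without the check described in the fix; the two stable commits referenced above are the remediation.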