logo_clicknbuy.png

CVE-2025-38487 – Aspeed LPC Snoop NULL Pointer Dereference Vulnerability

The following table lists the changes that have been made to the
CVE-2025-38487 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 28, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    soc: aspeed: lpc-snoop: Don’t disable channels that aren’t enabled

    Mitigate e.g. the following:

    # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind

    [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write
    [ 120.373866] [00000004] *pgd=00000000
    [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM
    [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE

    [ 120.679543] Call trace:
    [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac
    [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38
    [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200
    Added Reference https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
    Added Reference https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
    Added Reference https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
    Added Reference https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
    Added Reference https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a
Share the Post:

Related Posts