SB2025072937 - NULL pointer dereference in Linux kernel soc aspeed driver
Published: July 29, 2025
Security Bulletin ID
SB2025072937
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() and aspeed_lpc_disable_snoop() functions in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/329a80adc0e5f815d0514a6d403aaaf0995cd9be
- https://git.kernel.org/stable/c/56448e78a6bb4e1a8528a0e2efe94eff0400c247
- https://git.kernel.org/stable/c/ac10ed9862104936a412f8b475c869e99f048448
- https://git.kernel.org/stable/c/b361598b7352f02456619a6105c7da952ef69f8f
- https://git.kernel.org/stable/c/dc5598482e2d3b234f6d72d6f5568e24f603e51a