CVE-2025-38296

In the Linux kernel, the following vulnerability has been resolved: ACPI: platform_profile: Avoid initializing on non-ACPI platforms The platform profile driver is loaded even on platforms that do not have ACPI enabled. The initialization of the sysfs entries was recently moved from platform_profile_register() to the module init call, and those entries need acpi_kobj to be initialized which is not the case when ACPI is disabled. This results in the following warning: WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 Modules linked in: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT Tainted: [W]=WARN Hardware name: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8 Call Trace: internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18 Fix this by checking if ACPI is enabled before trying to create sysfs entries. [ rjw: Subject and changelog edits ]

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457	Patch
https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

19 Nov 2025, 20:42

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457 -~~	() https://git.kernel.org/stable/c/ccc3d68b92be89c30ba42ac62d2a141bd0c2b457 - Patch
References	~~() https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457 -~~	() https://git.kernel.org/stable/c/dd133162c9cff5951a692fab9811fadf46a46457 - Patch

10 Jul 2025, 13:17

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: platform_profile: Evitar la inicialización en plataformas sin ACPI. El controlador de perfil de plataforma se carga incluso en plataformas que no tienen ACPI habilitado. La inicialización de las entradas sysfs se trasladó recientemente de platform_profile_register() a la llamada init del módulo, y estas entradas requieren la inicialización de acpi_kobj, lo cual no ocurre cuando ACPI está deshabilitado. Esto genera la siguiente advertencia: ADVERTENCIA: CPU: 5 PID: 1 en fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 Módulos vinculados: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Contaminado: GW 6.15.0-rc7-dirty #6 PREEMPT Contaminado: [W]=WARN Nombre del hardware: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8 Rastreo de llamadas: internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18 Solucione esto comprobando si ACPI está habilitado antes de intentar crear entradas sysfs. [ rjw: Ediciones de asunto y registro de cambios ]

10 Jul 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 08:15

Updated : 2025-11-19 20:42

NVD link : CVE-2025-38296

Mitre link : CVE-2025-38296

CVE.ORG link : CVE-2025-38296

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10