CVE-2025-38178

04.07.2025, 14:15

In the Linux kernel, the following vulnerability has been resolved:

EDAC/igen6: Fix NULL pointer dereference

A kernel panic was reported with the following kernel log:

  EDAC igen6: Expected 2 mcs, but only 1 detected.
  BUG: unable to handle page fault for address: 000000000000d570
  ...
  Hardware name: Notebook V54x_6x_TU/V54x_6x_TU, BIOS Dasharo (coreboot+UEFI) v0.9.0 07/17/2024
  RIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac]
  ...
  igen6_probe+0x2a0/0x343 [igen6_edac]
  ...
  igen6_init+0xc5/0xff0 [igen6_edac]
  ...

This issue occurred because one memory controller was disabled by
the BIOS but the igen6_edac driver still checked all the memory
controllers, including this absent one, to identify the source of
the error. Accessing the null MMIO for the absent memory controller
resulted in the oops above.

Fix this issue by reverting the configuration structure to non-const
and updating the field 'res_cfg->num_imc' to reflect the number of
detected memory controllers.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.137-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie	6.12.33-1 fixed
trixie (security)	6.12.31-1 fixed
sid	6.12.35-1 fixed

References

https://git.kernel.org/stable/c/40e69c93d6dadc5355bfe90f3940c402d171289c

https://git.kernel.org/stable/c/88efa0de3285be66969b71ec137d9dab1ee19e52