CVE-2025-38239

09.07.2025, 11:15

In the Linux kernel, the following vulnerability has been resolved:

scsi: megaraid_sas: Fix invalid node index

On a system with DRAM interleave enabled, out-of-bound access is
detected:

megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28
index -1 is out of range for type 'cpumask *[1024]'
dump_stack_lvl+0x5d/0x80
ubsan_epilogue+0x5/0x2b
__ubsan_handle_out_of_bounds.cold+0x46/0x4b
megasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]
megasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]
local_pci_probe+0x42/0x90
pci_device_probe+0xdc/0x290
really_probe+0xdb/0x340
__driver_probe_device+0x78/0x110
driver_probe_device+0x1f/0xa0
__driver_attach+0xba/0x1c0
bus_for_each_dev+0x8b/0xe0
bus_add_driver+0x142/0x220
driver_register+0x72/0xd0
megasas_init+0xdf/0xff0 [megaraid_sas]
do_one_initcall+0x57/0x310
do_init_module+0x90/0x250
init_module_from_file+0x85/0xc0
idempotent_init_module+0x114/0x310
__x64_sys_finit_module+0x65/0xc0
do_syscall_64+0x82/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e

Fix it accordingly.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Linux	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Vendor	Product	Version
linux	linux_kernel	5.17 ≤ 𝑥 < 6.1.143
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.96
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.36
linux	linux_kernel	6.13 ≤ 𝑥 < 6.15.5
linux	linux_kernel	6.16:rc1
linux	linux_kernel	6.16:rc2
linux	linux_kernel	6.16:rc3
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.247-1 fixed
bookworm	6.1.159-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.63-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.13-1 fixed
sid	6.18.5-1 fixed

linux-6.1

bullseye (security)

6.1.159-1~deb11u1

fixed

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199

https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05

https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654

https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35

https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html