Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-38412

Опубликовано: 25 июл. 2025
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.

Отчет

The vulnerability lies in the lack of validation on ACPI package structures retrieved through WMI sysfs callbacks in the dell-wmi-sysman driver. A local user with sysfs access can trigger a kernel crash or potentially leak memory by crafting malformed ACPI responses or racing access. Enabled only for the latest version of the Red Hat Enterprise Linux 9 (and after).

Меры по смягчению последствий

To mitigate this issue, prevent module dell-wmi-sysman from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelAffected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-129
https://bugzilla.redhat.com/show_bug.cgi?id=2383398kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks

EPSS

Процентиль: 8%
0.00035
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-38412

ubuntu
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.

nvd логотип

CVE-2025-38412

nvd
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.

debian логотип

CVE-2025-38412

debian
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: p ...

github логотип

GHSA-7fhw-47q5-mgv8

github
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.

suse-cvrf логотип

SUSE-SU-2025:02969-1

suse-cvrf
3 дня назад

Security update for the Linux Kernel

EPSS

Процентиль: 8%
0.00035
Низкий

6.1 Medium

CVSS3