CVE-2025-38623NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference35 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedAug 22
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel4.95.10.241+6
Debianlinux/linux_kernel< 6.1.148-1+2
CVEListV5linux/linux360aebd85a4c946764f6301d68de2a817fad51596e7b5f922901585b8f11e0d6cda12bda5c59fc8a+8

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
PCI: pnv_php: Fix surprise plug detection and recovery2025-08-22
GHSA
GHSA-jm3q-7w4m-jc2w: In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotp2025-08-22
OSV
CVE-2025-38623: In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplu2025-08-22

📋Vendor Advisories

31
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-38623 — NULL Pointer Dereference in Linux | cvebase