CVE-2025-38576

powerpc/eeh: Make EEH driver device hotplug safe

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: <pcie device unplug> <eeh driver trigger> <hotplug removal trigger> <pcie tree reconfiguration> <eeh recovery next step> <oops in EEH driver bus iteration loop> A second class of oops is also seen when the underlying bus disappears during device recovery. Refactor the EEH module to be PCI rescan and remove safe. Also clean up a few minor formatting / readability issues.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/502f08831a9afb72dc98a56ae6504da43e93b250
https://git.kernel.org/stable/c/f56e004b781719d8fdf6c9619b15caf2579bc1f2
https://git.kernel.org/stable/c/59c6d3d81d42bf543c90597b4f38c53d6874c5a1
https://git.kernel.org/stable/c/a426e8a6ae161f51888585b065db0f8f93ab2e16
https://git.kernel.org/stable/c/d2c60a8a387e9fcc28447ef36c03f8e49fd052a6
https://git.kernel.org/stable/c/d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25
https://git.kernel.org/stable/c/19d5036e7ad766cf212aebec23b9f1d7924a62bc
https://git.kernel.org/stable/c/1010b4c012b0d78dfb9d3132b49aa2ef024a07a7

Frequently Asked Questions

What is the severity of CVE-2025-38576?
CVE-2025-38576 has not yet been assigned a CVSS score.
How to fix CVE-2025-38576?
To fix CVE-2025-38576, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38576 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38576 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38576?
CVE-2025-38576 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.