{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38178", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.992Z", "datePublished": "2025-07-04T13:37:06.717Z", "dateUpdated": "2025-07-04T13:37:06.717Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-04T13:37:06.717Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Fix NULL pointer dereference\n\nA kernel panic was reported with the following kernel log:\n\n EDAC igen6: Expected 2 mcs, but only 1 detected.\n BUG: unable to handle page fault for address: 000000000000d570\n ...\n Hardware name: Notebook V54x_6x_TU/V54x_6x_TU, BIOS Dasharo (coreboot+UEFI) v0.9.0 07/17/2024\n RIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac]\n ...\n igen6_probe+0x2a0/0x343 [igen6_edac]\n ...\n igen6_init+0xc5/0xff0 [igen6_edac]\n ...\n\nThis issue occurred because one memory controller was disabled by\nthe BIOS but the igen6_edac driver still checked all the memory\ncontrollers, including this absent one, to identify the source of\nthe error. Accessing the null MMIO for the absent memory controller\nresulted in the oops above.\n\nFix this issue by reverting the configuration structure to non-const\nand updating the field 'res_cfg->num_imc' to reflect the number of\ndetected memory controllers."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/edac/igen6_edac.c"], "versions": [{"version": "decaed3a7c4159916fb3c58f2c944bbcbfbdde06", "lessThan": "40e69c93d6dadc5355bfe90f3940c402d171289c", "status": "affected", "versionType": "git"}, {"version": "20e190b1c1fd88b21cc5106c12cfe6def5ab849d", "lessThan": "88efa0de3285be66969b71ec137d9dab1ee19e52", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/edac/igen6_edac.c"], "versions": [{"version": "6.16-rc1", "status": "affected"}, {"version": "0", "lessThan": "6.16-rc1", "status": "unaffected", "versionType": "semver"}, {"version": "6.16-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16-rc1", "versionEndExcluding": "6.16-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/40e69c93d6dadc5355bfe90f3940c402d171289c"}, {"url": "https://git.kernel.org/stable/c/88efa0de3285be66969b71ec137d9dab1ee19e52"}], "title": "EDAC/igen6: Fix NULL pointer dereference", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Fix NULL pointer dereference\n\nA kernel panic was reported with the following kernel log:\n\n EDAC igen6: Expected 2 mcs, but only 1 detected.\n BUG: unable to handle page fault for address: 000000000000d570\n ...\n Hardware name: Notebook V54x_6x_TU/V54x_6x_TU, BIOS Dasharo (coreboot+UEFI) v0.9.0 07/17/2024\n RIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac]\n ...\n igen6_probe+0x2a0/0x343 [igen6_edac]\n ...\n igen6_init+0xc5/0xff0 [igen6_edac]\n ...\n\nThis issue occurred because one memory controller was disabled by\nthe BIOS but the igen6_edac driver still checked all the memory\ncontrollers, including this absent one, to identify the source of\nthe error. Accessing the null MMIO for the absent memory controller\nresulted in the oops above.\n\nFix this issue by reverting the configuration structure to non-const\nand updating the field 'res_cfg->num_imc' to reflect the number of\ndetected memory controllers."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: EDAC/igen6: Corregir desreferencia de puntero NULL Se inform\u00f3 un p\u00e1nico del kernel con el siguiente registro del kernel: EDAC igen6: Se esperaban 2 mcs, pero solo se detect\u00f3 1. ERROR: no se pudo gestionar el error de p\u00e1gina para la direcci\u00f3n: 000000000000d570 ... Nombre del hardware: Notebook V54x_6x_TU/V54x_6x_TU, BIOS Dasharo (coreboot+UEFI) v0.9.0 17/07/2024 RIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac] ... igen6_probe+0x2a0/0x343 [igen6_edac] ... igen6_init+0xc5/0xff0 [igen6_edac] ... Este problema se produjo porque el BIOS deshabilit\u00f3 un controlador de memoria, pero el controlador igen6_edac sigui\u00f3 comprobando todos los controladores de memoria, incluido el ausente, para identificar el origen del error. Acceder al MMIO nulo del controlador de memoria ausente provoc\u00f3 el error mencionado. Solucione este problema revirtiendo la estructura de configuraci\u00f3n a no constante y actualizando el campo 'res_cfg->num_imc' para reflejar la cantidad de controladores de memoria detectados."}], "id": "CVE-2025-38178", "lastModified": "2025-07-08T16:18:53.607", "metrics": {}, "published": "2025-07-04T14:15:24.233", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/40e69c93d6dadc5355bfe90f3940c402d171289c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/88efa0de3285be66969b71ec137d9dab1ee19e52"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: EDAC/igen6: Fix NULL pointer dereference", "id": "2376369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376369"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nEDAC/igen6: Fix NULL pointer dereference\nA kernel panic was reported with the following kernel log:\nEDAC igen6: Expected 2 mcs, but only 1 detected.\nBUG: unable to handle page fault for address: 000000000000d570\n...\nHardware name: Notebook V54x_6x_TU/V54x_6x_TU, BIOS Dasharo (coreboot+UEFI) v0.9.0 07/17/2024\nRIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac]\n...\nigen6_probe+0x2a0/0x343 [igen6_edac]\n...\nigen6_init+0xc5/0xff0 [igen6_edac]\n...\nThis issue occurred because one memory controller was disabled by\nthe BIOS but the igen6_edac driver still checked all the memory\ncontrollers, including this absent one, to identify the source of\nthe error. Accessing the null MMIO for the absent memory controller\nresulted in the oops above.\nFix this issue by reverting the configuration structure to non-const\nand updating the field 'res_cfg->num_imc' to reflect the number of\ndetected memory controllers."], "name": "CVE-2025-38178", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38178\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38178\nhttps://lore.kernel.org/linux-cve-announce/2025070407-CVE-2025-38178-8846@gregkh/T"], "threat_severity": "Moderate"}