vulnerability

Oracle Linux: CVE-2025-38559: ELSA-2025-20662: Unbreakable Enterprise kernel security update (IMPORTANT)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:N/I:N/A:C)	Aug 19, 2025	Oct 16, 2025	Dec 3, 2025

Severity

CVSS

(AV:L/AC:L/Au:M/C:N/I:N/A:C)

Published

Aug 19, 2025

Added

Oct 16, 2025

Modified

Dec 3, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:
platform/x86/intel/pmt: fix a crashlog NULL pointer access
Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The
current use of the endpoint value is only valid for telemetry endpoint
usage.
Without the ep, the crashlog usage causes the following NULL pointer
exception:
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: Oops: 0000 [#1] SMP NOPTI
RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]
Code:
Call Trace:
<TASK>
? sysfs_kf_bin_read+0xc0/0xe0
kernfs_fop_read_iter+0xac/0x1a0
vfs_read+0x26d/0x350
ksys_read+0x6b/0xe0
__x64_sys_read+0x1d/0x30
x64_sys_call+0x1bc8/0x1d70
do_syscall_64+0x6d/0x110
Augment struct intel_pmt_entry with a pointer to the pcidev to avoid
the NULL pointer exception.

Solution

oracle-linux-upgrade-kernel-uek

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today