{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38239","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.996Z","datePublished":"2025-07-09T10:42:24.170Z","dateUpdated":"2026-05-11T21:23:55.652Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:23:55.652Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type 'cpumask *[1024]'\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/megaraid/megaraid_sas_base.c"],"versions":[{"version":"8049da6f3943d0ac51931b8064b2e4769a69a967","lessThan":"f1064b3532192e987ab17be7281d5fee36fd25e1","status":"affected","versionType":"git"},{"version":"8049da6f3943d0ac51931b8064b2e4769a69a967","lessThan":"bf2c1643abc3b2507d56bb6c22bf9897272f8a35","status":"affected","versionType":"git"},{"version":"8049da6f3943d0ac51931b8064b2e4769a69a967","lessThan":"19a47c966deb36624843b7301f0373a3dc541a05","status":"affected","versionType":"git"},{"version":"8049da6f3943d0ac51931b8064b2e4769a69a967","lessThan":"074efb35552556a4b3b25eedab076d5dc24a8199","status":"affected","versionType":"git"},{"version":"8049da6f3943d0ac51931b8064b2e4769a69a967","lessThan":"752eb816b55adb0673727ba0ed96609a17895654","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/megaraid/megaraid_sas_base.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"6.1.143","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.96","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.36","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.5","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.6.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.15.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1"},{"url":"https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35"},{"url":"https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05"},{"url":"https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199"},{"url":"https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654"}],"title":"scsi: megaraid_sas: Fix invalid node index","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:35:53.326Z"}}]}}