{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38581","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.026Z","datePublished":"2025-08-19T17:03:03.718Z","dateUpdated":"2026-05-11T21:30:55.723Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:30:55.723Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix crash when rebind ccp device for ccp.ko\n\nWhen CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding\nthe ccp device causes the following crash:\n\n$ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/unbind\n$ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/bind\n\n[  204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[  204.978026] #PF: supervisor write access in kernel mode\n[  204.979126] #PF: error_code(0x0002) - not-present page\n[  204.980226] PGD 0 P4D 0\n[  204.981317] Oops: Oops: 0002 [#1] SMP NOPTI\n...\n[  204.997852] Call Trace:\n[  204.999074]  <TASK>\n[  205.000297]  start_creating+0x9f/0x1c0\n[  205.001533]  debugfs_create_dir+0x1f/0x170\n[  205.002769]  ? srso_return_thunk+0x5/0x5f\n[  205.004000]  ccp5_debugfs_setup+0x87/0x170 [ccp]\n[  205.005241]  ccp5_init+0x8b2/0x960 [ccp]\n[  205.006469]  ccp_dev_init+0xd4/0x150 [ccp]\n[  205.007709]  sp_init+0x5f/0x80 [ccp]\n[  205.008942]  sp_pci_probe+0x283/0x2e0 [ccp]\n[  205.010165]  ? srso_return_thunk+0x5/0x5f\n[  205.011376]  local_pci_probe+0x4f/0xb0\n[  205.012584]  pci_device_probe+0xdb/0x230\n[  205.013810]  really_probe+0xed/0x380\n[  205.015024]  __driver_probe_device+0x7e/0x160\n[  205.016240]  device_driver_attach+0x2f/0x60\n[  205.017457]  bind_store+0x7c/0xb0\n[  205.018663]  drv_attr_store+0x28/0x40\n[  205.019868]  sysfs_kf_write+0x5f/0x70\n[  205.021065]  kernfs_fop_write_iter+0x145/0x1d0\n[  205.022267]  vfs_write+0x308/0x440\n[  205.023453]  ksys_write+0x6d/0xe0\n[  205.024616]  __x64_sys_write+0x1e/0x30\n[  205.025778]  x64_sys_call+0x16ba/0x2150\n[  205.026942]  do_syscall_64+0x56/0x1e0\n[  205.028108]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  205.029276] RIP: 0033:0x7fbc36f10104\n[  205.030420] Code: 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8d 05 e1 08 2e 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5\n\nThis patch sets ccp_debugfs_dir to NULL after destroying it in\nccp5_debugfs_destroy, allowing the directory dentry to be\nrecreated when rebinding the ccp device.\n\nTested on AMD Ryzen 7 1700X."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/ccp/ccp-debugfs.c"],"versions":[{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"a25ab6dfa0ce323ec308966988be6b675eb9d3e5","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"ce63a83925964ab7564bd216bd92b80bc365492e","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"20c0ed8dd65834e6bab464f54cd6ff68659bacb9","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"2d4060f05e74dbee884ba723f6afd9282befc3c5","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"db111468531777cac8b4beb6515a88a54b0c4a74","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"9dea08eac4f6d6fbbae59992978252e2edab995d","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"6eadf50c1d894cb34f3237064063207460946040","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"64ec9a7e7a6398b172ab6feba60e952163a1c3d5","status":"affected","versionType":"git"},{"version":"3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0","lessThan":"181698af38d3f93381229ad89c09b5bd0496661a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/ccp/ccp-debugfs.c"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"5.4.297","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.241","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.190","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.148","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.102","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.42","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.10","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.1","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.4.297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1.148"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.6.102"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.12.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.16.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a25ab6dfa0ce323ec308966988be6b675eb9d3e5"},{"url":"https://git.kernel.org/stable/c/ce63a83925964ab7564bd216bd92b80bc365492e"},{"url":"https://git.kernel.org/stable/c/20c0ed8dd65834e6bab464f54cd6ff68659bacb9"},{"url":"https://git.kernel.org/stable/c/2d4060f05e74dbee884ba723f6afd9282befc3c5"},{"url":"https://git.kernel.org/stable/c/db111468531777cac8b4beb6515a88a54b0c4a74"},{"url":"https://git.kernel.org/stable/c/9dea08eac4f6d6fbbae59992978252e2edab995d"},{"url":"https://git.kernel.org/stable/c/6eadf50c1d894cb34f3237064063207460946040"},{"url":"https://git.kernel.org/stable/c/64ec9a7e7a6398b172ab6feba60e952163a1c3d5"},{"url":"https://git.kernel.org/stable/c/181698af38d3f93381229ad89c09b5bd0496661a"}],"title":"crypto: ccp - Fix crash when rebind ccp device for ccp.ko","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:40:10.652Z"}}]}}