In the Linux kernel, the following vulnerability has been resolved:

powerpc/eeh: Make EEH driver device hotplug safe

Multiple race conditions existed between the PCIe hotplug driver and the
EEH driver, leading to a variety of kernel oopses of the same general
nature:

<pcie device unplug>
<eeh driver trigger>
<hotplug removal trigger>
<pcie tree reconfiguration>
<eeh recovery next step>
<oops in EEH driver bus iteration loop>

A second class of oops is also seen when the underlying bus disappears
during device recovery.

Refactor the EEH module to be PCI rescan and remove safe. Also clean
up a few minor formatting / readability issues.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux
  • Linux Kernel
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/1010b4c012b0d78dfb9d3132b49aa2ef024a07a7 cve-icon cve-icon
https://git.kernel.org/stable/c/19d5036e7ad766cf212aebec23b9f1d7924a62bc cve-icon cve-icon
https://git.kernel.org/stable/c/502f08831a9afb72dc98a56ae6504da43e93b250 cve-icon cve-icon
https://git.kernel.org/stable/c/59c6d3d81d42bf543c90597b4f38c53d6874c5a1 cve-icon cve-icon
https://git.kernel.org/stable/c/a426e8a6ae161f51888585b065db0f8f93ab2e16 cve-icon cve-icon
https://git.kernel.org/stable/c/d2c60a8a387e9fcc28447ef36c03f8e49fd052a6 cve-icon cve-icon
https://git.kernel.org/stable/c/d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25 cve-icon cve-icon
https://git.kernel.org/stable/c/f56e004b781719d8fdf6c9619b15caf2579bc1f2 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025081912-CVE-2025-38576-d1a7@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38576 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38576 cve-icon
History

Thu, 28 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
References

Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Wed, 20 Aug 2025 00:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 19 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: <pcie device unplug> <eeh driver trigger> <hotplug removal trigger> <pcie tree reconfiguration> <eeh recovery next step> <oops in EEH driver bus iteration loop> A second class of oops is also seen when the underlying bus disappears during device recovery. Refactor the EEH module to be PCI rescan and remove safe. Also clean up a few minor formatting / readability issues.
Title powerpc/eeh: Make EEH driver device hotplug safe
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-09-29T05:54:06.789Z

Reserved: 2025-04-16T04:51:24.025Z

Link: CVE-2025-38576

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-19T17:15:34.573

Modified: 2025-08-28T15:15:53.867

Link: CVE-2025-38576

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-38576 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-08-21T12:31:53Z