Login Sign Up

CVE-2025-38456

7.8 HIGH
Denial of Service

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's IPMI message handler could allow attackers to crash systems or potentially execute arbitrary code. This affects Linux systems using the IPMI subsystem, particularly servers with out-of-band management interfaces. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not specified in CVE; check kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with IPMI subsystem enabled and in use. Many desktop systems may not have IPMI enabled by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, allowing complete system compromise.

🟠

Likely Case

System crash or denial of service through kernel panic, requiring physical or remote console access to recover the system.

🟢

If Mitigated

Limited impact if IPMI subsystem is disabled or not in use, with potential for system instability if exploited.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or compromised user accounts could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of IPMI subsystem. Exploitation involves triggering specific conditions in ipmi_create_user() function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 7c1a6ddb99858e7d68961f74ae27caeeeca67b6a or later

Vendor Advisory: https://git.kernel.org/stable/c/7c1a6ddb99858e7d68961f74ae27caeeeca67b6a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable IPMI subsystem

linux

Prevent exploitation by disabling the IPMI kernel module if not required

echo 'blacklist ipmi_si' >> /etc/modprobe.d/blacklist-ipmi.conf
rmmod ipmi_si
update-initramfs -u

🧯 If You Can't Patch

  • Restrict local user access to systems with IPMI enabled
  • Implement strict access controls and monitoring for IPMI interfaces

🔍 How to Verify

Check if Vulnerable:

Check if IPMI module is loaded: lsmod | grep ipmi. If loaded and kernel version is unpatched, system may be vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update and verify IPMI module functions correctly: dmesg | grep -i ipmi for any errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • IPMI-related error messages or crashes

Network Indicators:

  • Unusual IPMI traffic patterns if network-based IPMI is configured

SIEM Query:

source="kernel" AND ("panic" OR "oops") AND "ipmi"

📊 Metadata

CVE ID: CVE-2025-38456
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
EPSS Score: 0.02% exploit probability (5.5th percentile)
Published: July 25, 2025
Last Updated: December 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38456, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)