CVE-2025-38538

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in the Linux kernel's nbpfaxi DMA engine driver. The flaw allows attackers to corrupt kernel memory by exploiting out-of-bounds array access in the probe() function, potentially leading to system crashes or privilege escalation. This affects all Linux systems using the vulnerable nbpfaxi driver.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable nbpfaxi driver code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the nbpfaxi DMA engine driver is compiled into the kernel or loaded as a module. Many distributions may not include this driver by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to denial of service, or potential privilege escalation to root if combined with other vulnerabilities to achieve arbitrary code execution.
🟠 Likely Case: System instability, crashes, or denial of service when the vulnerable driver is loaded and accessed.
🟢 If Mitigated: Limited impact if the nbpfaxi driver is not loaded or not in use on the system.

🌐 Internet-Facing: LOW - This is a kernel driver vulnerability requiring local access or ability to load kernel modules.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger the vulnerable probe() function, typically through device initialization. Local access needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/122160289adf8ebf15060f1cbf6265b55a914948

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution.
2. Reboot the system.
3. Verify the new kernel is running.

🔧 Temporary Workarounds

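Disable nbpfaxi module (Linux)

Prevent automatic loading of the vulnerable driver module. A blacklist entry only stops alias-based autoloading; it does not block an explicit modprobe and has no effect if the driver is built into the kernel.

echo 'blacklist nbpfaxi' >> /etc/modprobe.d/blacklist.conf
rmmod nbpfaxi 2>/dev/null || true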

Build kernel without nbpfaxi (Linux)

Recompile the kernel without the vulnerable driver

make menuconfig    # disable CONFIG_NBPFAXI_DMA (the Kconfig symbol that builds nbpfaxi)
make && make modules_install

🧯 If You Can't Patch

  • Ensure the nbpfaxi driver is not loaded (check with lsmod)
  • Restrict local user access to systems where driver might be loaded

🔍 How to Verify

Check if Vulnerable:

Check if nbpfaxi module is loaded: lsmod | grep nbpfaxi. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check that the running kernel is a patched version and that the nbpfaxi module is either not loaded or comes from the updated kernel.
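The module checks above as one script, extended to also report a built-in driver and an existing blacklist entry. This is an added example, not part of the original advisory; the function name nbpfaxi_state and its state labels are made up here, and it does not decide whether the kernel is patched, since this page gives no version range.

```shell
#!/bin/sh
# Added example: report how the nbpfaxi driver is present on a host.
# File locations are parameters so the check can also be pointed at a
# mounted disk image or at constructed test files.
#
# nbpfaxi_state [MODULES_FILE] [BUILTIN_FILE] [MODPROBE_DIR]
# Prints one of:
#   loaded       module is currently loaded (same signal as lsmod)
#   builtin      driver is compiled into the kernel; blacklisting and
#                rmmod cannot remove it, only a rebuilt or patched kernel
#   blacklisted  not loaded, and a blacklist entry blocks autoloading
#   not-loaded   not loaded, not built in, no blacklist entry found
nbpfaxi_state() {
    modules_file=${1:-/proc/modules}
    builtin_file=${2:-/lib/modules/$(uname -r)/modules.builtin}
    modprobe_dir=${3:-/etc/modprobe.d}

    # /proc/modules: the first field of each line is the module name.
    if [ -r "$modules_file" ] &&
       awk '$1 == "nbpfaxi" { f = 1 } END { exit !f }' "$modules_file"; then
        echo loaded
        return 0
    fi

    # modules.builtin lists paths such as kernel/drivers/dma/nbpfaxi.ko.
    if [ -r "$builtin_file" ] &&
       grep -Eq '(^|/)nbpfaxi\.ko$' "$builtin_file"; then
        echo builtin
        return 0
    fi

    # Any *.conf under modprobe.d may carry the blacklist line.
    if [ -d "$modprobe_dir" ] &&
       grep -Eqs '^[[:space:]]*blacklist[[:space:]]+nbpfaxi[[:space:]]*$' \
            "$modprobe_dir"/*.conf; then
        echo blacklisted
        return 0
    fi

    echo not-loaded
}

# With no arguments this inspects the running system.
nbpfaxi_state "$@"
```

A result of builtin means the blacklist workaround does not apply to that host, even if the blacklist line is present.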

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes when DMA operations are performed
  • Unexpected reboots

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

search 'kernel: BUG:' or 'kernel: Oops:' in system logs
