CVE-2025-38581 – A NULL pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2025-38581?

CVE-2025-38581 has a CVSS score of 5.5 (MEDIUM). A NULL pointer dereference vulnerability in the Linux kernel's AMD Cryptographic Coprocessor (CCP) driver causes a kernel crash when rebinding the CCP device with debugfs enabled. This affects Linux systems with AMD cryptographic hardware and the CONFIG_CRYPTO_DEV_CCP_DEBUGFS kernel configuration option enabled. The vulnerability can lead to denial of service through kernel panic.

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's AMD Cryptographic Coprocessor (CCP) driver causes a kernel crash when rebinding the CCP device with debugfs enabled. This affects Linux systems with AMD cryptographic hardware and the CONFIG_CRYPTO_DEV_CCP_DEBUGFS kernel configuration option enabled. The vulnerability can lead to denial of service through kernel panic.

💻 Affected Systems

Products:

Linux kernel with AMD Cryptographic Coprocessor (CCP) driver

Versions: Specific kernel versions containing the bug (check git commits for exact ranges)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when CONFIG_CRYPTO_DEV_CCP_DEBUGFS=y is enabled in kernel configuration and AMD CCP hardware is present.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service when rebinding CCP device, requiring system reboot to recover.

🟢

If Mitigated

No impact if debugfs is disabled or CCP hardware is not present.

🌐 Internet-Facing: LOW - Requires local access to trigger via device rebinding commands.

🏢 Internal Only: MEDIUM - Local users or administrators with device management privileges can trigger the crash.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to execute device rebinding commands (typically root or privileged user).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 181698af38d3f93381229ad89c09b5bd0496661a or related fixes

Vendor Advisory: https://git.kernel.org/stable/c/181698af38d3f93381229ad89c09b5bd0496661a

Restart Required: No

Instructions:

1. Update Linux kernel to patched version. 2. Rebuild kernel if using custom configuration. 3. No reboot required for hotfix via module reload.

🔧 Temporary Workarounds

Disable CCP debugfs

all

Disable CONFIG_CRYPTO_DEV_CCP_DEBUGFS kernel configuration option

Rebuild kernel with CONFIG_CRYPTO_DEV_CCP_DEBUGFS=n

Avoid CCP device rebinding

Linux

Restrict access to device rebinding operations

chmod 600 /sys/bus/pci/drivers/ccp/bind
chmod 600 /sys/bus/pci/drivers/ccp/unbind

🧯 If You Can't Patch

Restrict access to /sys/bus/pci/drivers/ccp/ directory to root only
Monitor for crash logs and restrict user privileges that can trigger device rebinding

🔍 How to Verify

Check if Vulnerable:

Check if CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled: grep CONFIG_CRYPTO_DEV_CCP_DEBUGFS /boot/config-$(uname -r)

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits: uname -r and verify against patched versions

📡 Detection & Monitoring

Log Indicators:

Kernel NULL pointer dereference messages
Oops: 0002 errors in dmesg
CCP driver crash logs

Network Indicators:

None - local vulnerability only

SIEM Query:

search 'NULL pointer dereference' AND 'ccp' in kernel logs

📊 Metadata

CVE ID: CVE-2025-38581

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.01% exploit probability (2.3th percentile)

Published: August 19, 2025

Last Updated: January 9, 2026

🔗 References

https://git.kernel.org/stable/c/181698af38d3f93381229ad89c09b5bd0496661a Patch
https://git.kernel.org/stable/c/20c0ed8dd65834e6bab464f54cd6ff68659bacb9 Patch
https://git.kernel.org/stable/c/2d4060f05e74dbee884ba723f6afd9282befc3c5 Patch
https://git.kernel.org/stable/c/64ec9a7e7a6398b172ab6feba60e952163a1c3d5 Patch
https://git.kernel.org/stable/c/6eadf50c1d894cb34f3237064063207460946040 Patch
https://git.kernel.org/stable/c/9dea08eac4f6d6fbbae59992978252e2edab995d Patch
https://git.kernel.org/stable/c/a25ab6dfa0ce323ec308966988be6b675eb9d3e5 Patch
https://git.kernel.org/stable/c/ce63a83925964ab7564bd216bd92b80bc365492e Patch
https://git.kernel.org/stable/c/db111468531777cac8b4beb6515a88a54b0c4a74 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-38581, you might also want to check these: