CVE-2025-38049

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/93a418fc61da13d1ee4047d4d1327990f7a2816a", "name": "https://git.kernel.org/stable/c/93a418fc61da13d1ee4047d4d1327990f7a2816a", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/a121798ae669351ec0697c94f71c3a692b2a755b", "name": "https://git.kernel.org/stable/c/a121798ae669351ec0697c94f71c3a692b2a755b", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/a8a1bcc27d4607227088d80483164289b5348293", "name": "https://git.kernel.org/stable/c/a8a1bcc27d4607227088d80483164289b5348293", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/ed5addb55e403ad6598102bcf546e068ae01fef6", "name": "https://git.kernel.org/stable/c/ed5addb55e403ad6598102bcf546e068ae01fef6", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors\n\nCommit\n\n 6eac36bb9eb0 (\"x86/resctrl: Allocate the cleanest CLOSID by searching closid_num_dirty_rmid\")\n\nadded logic that causes resctrl to search for the CLOSID with the fewest dirty\ncache lines when creating a new control group, if requested by the arch code.\nThis depends on the values read from the llc_occupancy counters. The logic is\napplicable to architectures where the CLOSID effectively forms part of the\nmonitoring identifier and so do not allow complete freedom to choose an unused\nmonitoring identifier for a given CLOSID.\n\nThis support missed that some platforms may not have these counters. This\ncauses a NULL pointer dereference when creating a new control group as the\narray was not allocated by dom_data_init().\n\nAs this feature isn't necessary on platforms that don't have cache occupancy\nmonitors, add this to the check that occurs when a new control group is\nallocated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-476"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-38049", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2025-04-18T07:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.13.11", "versionStartIncluding": "6.13"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.14"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.12.23", "versionStartIncluding": "6.9"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-29T14:39Z"}