CVE-2025-38518 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-38518 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2 AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h) has an issue that causes system oopses and panics when performing TLB flush using INVLPGB. However, the problem is that that machine has misconfigured CPUID and should not report the INVLPGB bit in the first place. So zap the kernel's representation of the flag so that nothing gets confused. [ bp: Massage. ]

EPSS 0.02% · 5.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

5.2th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.15, 6.16, 6.16
Linux	Linux	6.15, 0, 6.15.7

Timeline

Aug 16, 2025 EPSS Score
Aug 16, 2025 CVE Published
Aug 16, 2025 PoC Published
Aug 24, 2025 EPSS Score
Aug 31, 2025 EPSS Score
Sep 8, 2025 EPSS Score
Sep 15, 2025 EPSS Score
Sep 23, 2025 EPSS Score
Oct 1, 2025 EPSS Score
Oct 8, 2025 EPSS Score
Oct 12, 2025 PoC Published
Oct 16, 2025 EPSS Score

References

Open in Interactive Console →