CVE-2025-38288 in Linuxinfo

Summary

by MITRE • 07/10/2025

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels

Correct kernel call trace when calling smp_processor_id() when called in preemptible kernels by using raw_smp_processor_id().

smp_processor_id() checks to see if preemption is disabled and if not, issue an error message followed by a call to dump_stack().

Brief example of call trace: kernel: check_preemption_disabled: 436 callbacks suppressed kernel: BUG: using smp_processor_id() in preemptible [00000000]
code: kworker/u1025:0/2354 kernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]
kernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0 kernel: ... kernel: Workqueue: writeback wb_workfn (flush-253:0) kernel: Call Trace: kernel: <TASK> kernel: dump_stack_lvl+0x34/0x48 kernel: check_preemption_disabled+0xdd/0xe0 kernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]
kernel: ...

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 01/27/2026

The vulnerability identified as CVE-2025-38288 affects the Linux kernel's SCSI subsystem, specifically within the smartpqi driver implementation. This issue manifests when the smp_processor_id() function is invoked in preemptible kernel contexts, creating a critical operational failure that can lead to system instability and potential security implications. The smartpqi driver, designed to support certain HP Smart Array controllers, encounters a fundamental flaw in its handling of processor identification within concurrent execution environments. The root cause stems from improper kernel API usage where the standard smp_processor_id() function is called in contexts where preemption is enabled, violating kernel safety constraints and triggering defensive mechanisms.

The technical flaw occurs because smp_processor_id() performs runtime checks to ensure preemption is disabled before allowing access to the current processor ID. When this function executes in preemptible contexts, the kernel's safety mechanisms detect the violation and generate error messages followed by stack dumps through the check_preemption_disabled() function. The call trace demonstrates this issue occurring within the pqi_scsi_queue_command function of the smartpqi driver, where a kworker process attempts to access processor information while preemption is active. This specific scenario typically happens during writeback operations when the kernel's workqueue subsystem schedules tasks that inadvertently call into the SCSI queue handling code path. The error message indicates that 436 callbacks were suppressed, highlighting the severity and frequency of this violation in affected systems.

The operational impact of this vulnerability extends beyond simple system crashes or hangs, potentially compromising the reliability of storage subsystems in enterprise environments. When the kernel detects this violation, it triggers a BUG condition that can result in immediate system termination or forced reboot cycles, disrupting ongoing operations and potentially causing data loss. In production systems using HP Smart Array controllers, this vulnerability could lead to unexpected service interruptions during critical I/O operations, particularly when multiple storage operations are processed concurrently. The vulnerability affects systems where the kernel is compiled with preemptible kernel options enabled, which is common in modern enterprise deployments where responsiveness and concurrent processing capabilities are essential for optimal performance.

Mitigation strategies for this vulnerability require immediate kernel updates addressing the specific smp_processor_id() usage in the smartpqi driver. System administrators should prioritize applying the patched kernel version that implements the correct usage of raw_smp_processor_id() instead of the standard smp_processor_id() function. The fix involves replacing the problematic function call with raw_smp_processor_id() which bypasses the preemption checks and is appropriate for use in preemptible contexts. Organizations should also implement monitoring for kernel log messages indicating preemption violations, as these can serve as early warning indicators of similar issues. Security teams should consider this vulnerability in their risk assessments for systems running affected kernel versions, particularly those with high availability requirements where storage subsystem stability directly impacts overall system reliability. The fix aligns with common practices for kernel development and follows established security guidelines for preventing race conditions and concurrency violations in kernel space code. This vulnerability demonstrates the importance of proper kernel API usage in concurrent environments and reflects the ongoing challenges in maintaining kernel stability when dealing with complex hardware driver interactions. The issue relates to CWE-362: Concurrency Issues and ATT&CK technique T1484.001: Group Policy Modification, as it affects system stability and can be leveraged to disrupt service availability through kernel-level vulnerabilities.

Responsible

Linux

Reservation

04/16/2025

Disclosure

07/10/2025

Moderation

accepted

CPE

ready

EPSS

0.00162

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!