CVE-2025-38296 in Linux
Summary
by MITRE • 07/10/2025
In the Linux kernel, the following vulnerability has been resolved:
ACPI: platform_profile: Avoid initializing on non-ACPI platforms
The platform profile driver is loaded even on platforms that do not have ACPI enabled. The initialization of the sysfs entries was recently moved from platform_profile_register() to the module init call, and those entries need acpi_kobj to be initialized which is not the case when ACPI is disabled.
This results in the following warning:
WARNING: CPU: 5 PID: 1 at fs/sysfs/group.c:131 internal_create_group+0xa22/0xdd8 Modules linked in: CPU: 5 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.15.0-rc7-dirty #6 PREEMPT Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT) epc : internal_create_group+0xa22/0xdd8 ra : internal_create_group+0xa22/0xdd8
Call Trace:
internal_create_group+0xa22/0xdd8 sysfs_create_group+0x22/0x2e platform_profile_init+0x74/0xb2 do_one_initcall+0x198/0xa9e kernel_init_freeable+0x6d8/0x780 kernel_init+0x28/0x24c ret_from_fork+0xe/0x18
Fix this by checking if ACPI is enabled before trying to create sysfs entries.
[ rjw: Subject and changelog edits ]
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/07/2025
The vulnerability identified as CVE-2025-38296 represents a critical initialization flaw within the Linux kernel's ACPI platform profile driver subsystem. This issue manifests when the platform profile driver attempts to initialize sysfs entries on systems where ACPI support is explicitly disabled, creating a fundamental mismatch between driver expectations and system capabilities. The root cause stems from a recent refactoring that moved sysfs entry creation from the platform_profile_register() function to the module initialization routine, which now executes regardless of ACPI availability. This change inadvertently breaks the driver's dependency management, as the initialization process now requires access to acpi_kobj which remains uninitialized on non-ACPI platforms, leading to kernel warnings and potential system instability.
The technical implementation flaw occurs at the kernel's sysfs subsystem level where internal_create_group() function fails when attempting to create sysfs groups without proper ACPI kernel object initialization. The call trace demonstrates this failure path through the kernel initialization sequence, starting with kernel_init_freeable() and proceeding through do_one_initcall() before reaching the critical internal_create_group() function. This represents a classic case of improper conditional logic where platform-specific initialization checks are bypassed, resulting in a kernel warning that indicates a tainted system state. The vulnerability specifically affects systems running kernel versions where the platform profile driver module loads without proper ACPI platform verification, creating a scenario that violates fundamental kernel design principles for platform independence and resource management.
From an operational perspective, this vulnerability creates a persistent warning condition that can obscure legitimate system issues and potentially impact system stability during boot processes. The warning message indicates that the kernel's internal state has become inconsistent, with the Tainted flag set to W, signaling that the kernel has detected a non-standard condition that may affect system reliability. This issue particularly impacts RISC-V virtualized environments running QEMU, though the vulnerability is not limited to these platforms and could affect any system where the platform profile driver loads without proper ACPI dependency validation. The flaw essentially creates a false positive condition where the kernel reports an error even though the system may be functioning correctly, potentially leading to confusion during system diagnostics and troubleshooting operations.
The fix for CVE-2025-38296 involves implementing a proper ACPI enablement check before attempting sysfs entry creation, ensuring that the platform profile driver only initializes its sysfs interface when ACPI support is actually available. This approach aligns with established kernel development practices and follows the principle of conditional initialization based on platform capabilities. The solution directly addresses the underlying issue identified in CWE-691, which deals with insufficient control flow management and improper initialization sequences. This vulnerability also intersects with ATT&CK technique T1068, which involves the exploitation of system configuration weaknesses, as it represents an opportunity for attackers to potentially leverage kernel warnings for system reconnaissance or to create denial-of-service conditions through manipulation of platform profile initialization. Organizations should ensure their kernel versions include this fix and implement proper system monitoring to detect any residual warnings that might indicate incomplete patch application or continued exposure to this vulnerability.