CVE-2025-38318: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-38318 was discovered in the Linux kernel, specifically related to the performance monitoring subsystem (perf) on ARM platforms. The issue involves a missing platformsetdrvdata() call in the armniprobe() function, which causes platformgetdrvdata() to return NULL during removal operations. This vulnerability was disclosed on July 10, 2025 (NVD).

The vulnerability stems from a missing platformsetdrvdata() function call in the ARM performance monitoring subsystem. When the armniprobe() function is executed, it fails to properly set the driver data, which subsequently causes platformgetdrvdata() to return NULL during the remove operation. The vulnerability has been assigned a CVSS v3 Base Score of 7.0 by Red Hat, indicating a moderate to high severity, with local attack vector and high attack complexity (Rapid7).

The vulnerability affects the Linux kernel's performance monitoring functionality on ARM platforms. When exploited, it could lead to system instability or potential crashes during driver removal operations due to NULL pointer dereferencing (Debian).

The vulnerability has been fixed in various Linux distributions. Debian has addressed this in version 6.12.35-1 for trixie and 6.12.38-1 for sid. Some versions, such as bullseye and bookworm, are not affected as they don't contain the vulnerable code (Debian).