CVE-2025-38559: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability has been identified in the Linux kernel affecting the platform/x86/intel/pmt component, tracked as CVE-2025-38559. The issue was discovered in August 2025 and involves a NULL pointer access in the crashlog functionality. The vulnerability affects the intelpmtread() function when used for binary sysfs operations (NVD).

The vulnerability stems from the usage of intelpmtread() for binary sysfs, which requires a pcidev. The current implementation only validates the endpoint value for telemetry endpoint usage. When used without the endpoint (ep) parameter, the crashlog functionality triggers a NULL pointer exception. The issue manifests as a kernel NULL pointer dereference at address 0x0000000000000000, resulting in an Oops condition (NVD).

When exploited, this vulnerability causes a kernel crash through a NULL pointer dereference, potentially leading to system instability and denial of service conditions. The issue affects the system's ability to properly handle crashlog operations in the Intel Platform Monitoring Technology (PMT) subsystem (NVD).

The vulnerability has been addressed by augmenting the struct intelpmtentry with a pointer to the pcidev, preventing the NULL pointer exception. A fix has been implemented in the Linux kernel codebase to properly handle the pcidev requirement for crashlog operations (NVD).