cve 2025 38145

CVE-2025-38145 is a Linux kernel vulnerability involving a NULL pointer dereference in the Aspeed LPC snoop helper. This flaw affects systems using Aspeed System-on-Chip (SoC) families, commonly found in baseboard management controllers (BMCs) and embedded management functions in servers and network devices. A fix has been upstreamed in mid-2025, and it is considered a high-priority stability update for any deployment relying on Aspeed-based hardware. The vulnerability does not directly involve Windows or Microsoft products, but it is relevant to enterprise IT environments where Linux-based BMCs manage Windows servers. System administrators should apply the kernel patch to prevent potential crashes or instability.