CVE-2025-38007
BaseFortify
Publication date: 2025-06-18
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.4.16 (inc) to 6.5 (inc) |
| linux | linux_kernel | 6.15 |
| debian | debian_linux | 11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's uclogic driver where the function devm_kasprintf() can return NULL if memory allocation fails. The function uclogic_input_configured() does not check for this NULL return value, leading to a NULL pointer dereference, which can cause the system to crash or behave unexpectedly. The fix involves adding a NULL check after devm_kasprintf() to prevent this issue.
How can this vulnerability impact me?
The vulnerability can cause a NULL pointer dereference in the Linux kernel, potentially leading to system crashes or instability. This could result in denial of service or unexpected behavior on affected systems using the uclogic driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix, which adds a NULL check after devm_kasprintf() in uclogic_input_configured().