CVE-2025-38044
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-12-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.4.294 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.238 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.185 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.141 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.93 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.31 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.14.9 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's media subsystem, specifically the cx231xx driver. The issue was that the video_device for the MPEG encoder did not set the device_caps field. Without setting device_caps, the video device cannot be properly registered, resulting in a WARN_ON error. This was discovered while experimenting with support for device 417, which was previously disabled.
How can this vulnerability impact me? :
If the device_caps field is not set for the video device, the device cannot be registered correctly, which may prevent the MPEG encoder from functioning properly. This could lead to failures or warnings in the kernel related to the video device, potentially impacting media functionality on affected systems.