CVE-2025-38143
BaseFortify
Publication date: 2025-07-03
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.0 (inc) to 5.10.239 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.94 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.34 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.3 (exc) |
| debian | debian_linux | 11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's backlight driver for pm8941. The function wled_configure() uses devm_kasprintf() to allocate memory, but it does not check if devm_kasprintf() returns NULL when memory allocation fails. This leads to a NULL pointer dereference, which can cause the system to crash or behave unexpectedly. The fix involves adding a NULL check after devm_kasprintf() to prevent this issue.
How can this vulnerability impact me?
If exploited, this vulnerability can cause a NULL pointer dereference in the Linux kernel, potentially leading to system crashes or instability. This could disrupt normal operations or cause denial of service on affected systems.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch, or update to a Linux kernel version that includes the fix, which adds a NULL check after devm_kasprintf() in wled_configure().
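Added example (not part of this advisory or of the kernel.org fix): a Python check that compares an upstream kernel version string against the affected ranges in the table above and reports the first fixed version for that branch. The function names and the sample release strings are constructed for illustration.

```python
import re
import sys

# Affected upstream ranges copied from the table above.
# Lower bound is inclusive, upper bound (the first fixed release) is exclusive.
AFFECTED_RANGES = [
    ((5, 0, 0), (5, 10, 239)),
    ((5, 11, 0), (5, 15, 186)),
    ((5, 16, 0), (6, 1, 142)),
    ((6, 2, 0), (6, 6, 94)),
    ((6, 7, 0), (6, 12, 34)),
    ((6, 13, 0), (6, 15, 3)),
]

# Leading "major.minor[.patch]" of a release string such as "6.6.93-generic".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release):
    """Return (major, minor, patch) from a kernel release string."""
    match = _VERSION_RE.match(release.strip())
    if not match:
        raise ValueError(f"not a kernel version: {release!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def check_cve_2025_38143(release):
    """Return (affected, first_fixed); first_fixed is None when not affected."""
    version = parse_kernel_version(release)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return True, ".".join(str(part) for part in first_fixed)
    return False, None


if __name__ == "__main__":
    # Constructed sample inputs; pass real strings (e.g. from `uname -r`) as arguments.
    samples = sys.argv[1:] or ["5.10.238", "5.10.239", "6.6.93-generic", "4.19.300"]
    for release in samples:
        affected, fixed = check_cve_2025_38143(release)
        status = f"affected, fixed in {fixed}" if affected else "not in an affected range"
        print(f"{release}: {status}")
```

Distribution kernels often carry backported fixes and may report an ABI name rather than the upstream version in `uname -r`, so confirm the result against the vendor's own advisory.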