CVE-2025-38197
Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-04

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell_rbu: Fix list usage

Pass the correct list head to list_for_each_entry*() when looping through the packet list.

Without this patch, reading the packet data via sysfs will show the data incorrectly (because it starts at the wrong packet), and clearing the packet list will result in a NULL pointer dereference.

Meta Information
Published: 2025-07-04
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-07-04
EPSS Evaluated: 2026-05-05
NVD

Affected Vendors & Products
Showing 9 associated CPEs

Vendor   Product        Version / Range
linux    linux_kernel   From 5.7 (inc) to 5.10.239 (exc)
linux    linux_kernel   From 5.11 (inc) to 5.15.186 (exc)
linux    linux_kernel   From 5.16 (inc) to 6.1.142 (exc)
linux    linux_kernel   From 6.2 (inc) to 6.6.95 (exc)
linux    linux_kernel   From 6.7 (inc) to 6.12.35 (exc)
linux    linux_kernel   From 6.13 (inc) to 6.15.4 (exc)
linux    linux_kernel   6.16
linux    linux_kernel   6.16
debian   debian_linux   11.0

CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the dell_rbu driver (platform/x86) of the Linux kernel involves passing the wrong list head to the list_for_each_entry*() macros when iterating over the packet list. As a result, packet data read via sysfs is incorrect because iteration starts at the wrong packet. In addition, clearing the packet list without the fix leads to a NULL pointer dereference, potentially causing a crash.


How can this vulnerability impact me?

The vulnerability can cause incorrect packet data to be read when accessed via sysfs, which may lead to misinterpretation of data. More critically, attempting to clear the packet list can result in a NULL pointer dereference, which can cause the system or kernel to crash or become unstable.


What immediate steps should I take to mitigate this vulnerability?

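Apply the patch that fixes the list usage in the dell_rbu component of the Linux kernel to ensure correct handling of packet data and prevent the NULL pointer dereference. Updating the Linux kernel to the fixed version released after 2025-07-04 is recommended; per the affected ranges listed above, the first fixed stable releases are 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35 and 6.15.4.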
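
To triage a fleet against the version ranges in the table above, the following added example (not part of the original record or of any kernel.org tooling) classifies an upstream kernel version string. The function names and the "review" category are assumptions of this sketch; the range bounds are copied from this page.

```python
import re

# Ranges from this page's CPE table: (first affected, first fixed).
# Lower bound is inclusive, upper bound is exclusive.
AFFECTED_RANGES = [
    ((5, 7, 0), (5, 10, 239)),
    ((5, 11, 0), (5, 15, 186)),
    ((5, 16, 0), (6, 1, 142)),
    ((6, 2, 0), (6, 6, 95)),
    ((6, 7, 0), (6, 12, 35)),
    ((6, 13, 0), (6, 15, 4)),
]


def parse_upstream(version):
    """Parse '6.1.141-rt5' or '6.16-rc1' into ((major, minor, patch), is_rc)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised kernel version: {version!r}")
    triple = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    is_rc = re.match(r"-rc\d+", m.group(4)) is not None
    return triple, is_rc


def classify(version):
    """Return 'affected', 'review' or 'not-listed' for an upstream version."""
    triple, is_rc = parse_upstream(version)
    # The page lists 6.16 twice with no qualifier, and release candidates do
    # not order cleanly against the table's bounds, so both need a human check.
    if is_rc or triple == (6, 16, 0):
        return "review"
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= triple < first_fixed:
            return "affected"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real inventory.
    for sample in ["5.10.238", "5.10.239", "6.1.141-rt5", "6.16-rc1", "5.4.290"]:
        print(f"{sample:14} {classify(sample)}")
```

Pass the upstream version rather than a distribution ABI name: Debian's `uname -r` prints a string such as `5.10.0-35-amd64`, while the upstream version appears in `uname -v`. A distribution kernel can also carry the fix as a backport under an older version number, so an "affected" result is a prompt to check the vendor's advisory.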

