CVE-2025-38274
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-20
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential null pointer dereference in the Linux kernel's fpga_mgr_test_img_load_sgt() function. The function allocates memory for a scatter-gather table (sgt) but does not check if the allocation failed. If the allocation fails, sgt is NULL, and subsequent code attempts to zero out this NULL pointer using memset(), causing a null pointer dereference which can lead to a kernel crash or instability.
How can this vulnerability impact me? :
The impact of this vulnerability is that it can cause the Linux kernel to crash or become unstable due to a null pointer dereference. This can lead to denial of service or system instability on affected systems using the vulnerable code.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the null pointer dereference in the Linux kernel's fpga_mgr_test_img_load_sgt() function by adding a check for memory allocation failure using KUNIT_ASSERT_NOT_ERR_OR_NULL(). Until the patch is applied, avoid using the affected fpga_mgr_test_img_load_sgt() functionality to prevent triggering the null pointer dereference.