CVE-2025-38275
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.13 (inc) to 6.15.3 (inc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's qcom-qmp-usb driver. The function qmp_usb_iomap() returns the raw result of devm_ioremap() for non-exclusive mappings. devm_ioremap() can return a NULL pointer, but the caller only checks for error pointers using IS_ERR(). Because NULL is not an error pointer, this can bypass the check and lead to an invalid dereference, potentially causing a crash or undefined behavior. The fix involves checking if devm_ioremap() returns NULL and returning an appropriate error pointer instead, ensuring safe and consistent error handling.
How can this vulnerability impact me? :
This vulnerability can lead to an invalid dereference in the Linux kernel, which may cause system crashes or instability. Such crashes could result in denial of service or unexpected behavior in systems using the affected driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the qcom-qmp-usb NULL vs IS_ERR() bug. This fix ensures proper error handling by checking for NULL pointers returned by devm_ioremap(), preventing invalid dereferences.