CVE-2025-38363
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-12-16
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.3 (inc) to 5.10.240 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.187 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.143 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.96 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.36 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.5 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a possible null pointer dereference in the Linux kernel's drm/tegra component. Specifically, in the function tegra_crtc_reset(), memory is allocated with kzalloc() without checking if the allocation was successful. If the allocation fails and returns null, subsequent code that uses this memory without checking can cause a null pointer dereference, potentially leading to a system crash or instability.
How can this vulnerability impact me? :
The vulnerability can cause a null pointer dereference, which may lead to a system crash or instability in the Linux kernel's graphics subsystem on affected Tegra devices. This could result in denial of service or unexpected behavior in graphics-related operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the drm/tegra null pointer dereference issue has been fixed. Ensure that the patch which adds the necessary null check in tegra_crtc_reset() before calling __drm_atomic_helper_crtc_reset is applied.