CVE-2025-38381
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's cs40l50-vibra driver, specifically in the cs40l50_upload_owt() function. The function allocates memory using kmalloc() but does not check if the allocation was successful. If the allocation fails and returns NULL, the function may dereference this NULL pointer, leading to a potential crash or undefined behavior. The fix involves checking the allocation result and returning an error code (-ENOMEM) if the allocation fails.
How can this vulnerability impact me? :
If exploited, this vulnerability could cause the Linux kernel to dereference a NULL pointer, potentially leading to a system crash or instability. This could result in denial of service or unexpected behavior in systems using the affected driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the cs40l50_upload_owt() function, which properly handles memory allocation failure by returning -ENOMEM. Avoid using vulnerable kernel versions until the patch is applied.