CVE-2025-38635
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38635
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
linux linux_kernel 5.10.244-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's davinci clock driver where a function called devm_kasprintf() can return NULL if memory allocation fails. The function davinci_lpsc_clk_register() did not check for this NULL return value, leading to a NULL pointer dereference, which can cause the system to crash or behave unexpectedly. The fix adds a NULL check after devm_kasprintf() to prevent this issue and ensure no resources are leaked.

Impact Analysis

The vulnerability can cause a NULL pointer dereference in the Linux kernel, potentially leading to system crashes or instability. This can disrupt normal operations and may require a system reboot or recovery.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38635. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart