CVE-2025-38645
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-08-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38645
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's mlx5 network driver. It occurs because the code does not check if the device memory pointer is NULL before using it. If the device memory allocation fails during initialization (mlx5_init_once), the driver may attempt to access a NULL pointer, leading to a crash. The fix adds a NULL check to prevent this crash.


How can this vulnerability impact me? :

If the device memory allocation fails and the NULL pointer is accessed without a check, it can cause the Linux kernel to crash, leading to system instability or downtime. This can affect the availability of the system or network services relying on the mlx5 driver.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart