CVE-2025-38693
Modified - Updated After Analysis
BaseFortify

Publication date: 2025-09-04

Last updated on: 2026-05-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar

In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Meta Information

Published: 2025-09-04
Last Modified: 2026-05-04
Generated: 2026-06-16
AI Q&A: 2025-09-04
EPSS Evaluated: 2026-06-14

Affected Vendors & Products
Showing 2 associated CPEs

Vendor  Product       Version / Range
linux   linux_kernel  6.1.153-1
linux   linux_kernel  5.10.244-1

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is a null pointer dereference in the Linux kernel's media dvb-frontends driver for the w7090p tuner. Specifically, in the function w7090p_tuner_write_serpar, a user-controlled message (msg) can cause a null pointer dereference if msg[0].buf is null and msg[0].len is zero. The code previously did not properly check msg[0].len before accessing msg[0].buf[2], which could lead to a crash. The fix adds a check on msg[0].len to prevent this null pointer dereference and subsequent crash.
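
The length check described above, as a user-space model. This is an added example, not the kernel driver's code or the upstream patch: struct msg_model, serpar_read_byte2 and SERPAR_MIN_LEN are hypothetical names, and the minimum length of 3 is an assumption derived from the buf[2] access the description mentions.

```c
/* User-space model (added example, not the kernel driver's code). */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the message the page calls msg[0]:
 * a caller-supplied pointer plus a caller-supplied length. */
struct msg_model {
    uint16_t len;   /* number of valid bytes behind buf */
    uint8_t *buf;   /* may be NULL when len is 0 */
};

/* The highest index the page says is read is buf[2], so at least 3
 * bytes must be present. The threshold is derived from that index; it
 * is an assumption of this model, not a value quoted from the fix. */
#define SERPAR_MIN_LEN 3

/* Returns 0 and stores buf[2] in *out, or -EINVAL if the message is
 * too short (which also covers the buf == NULL, len == 0 case). */
int serpar_read_byte2(const struct msg_model *msg, uint8_t *out)
{
    if (msg == NULL || out == NULL)
        return -EINVAL;
    if (msg->len < SERPAR_MIN_LEN || msg->buf == NULL)
        return -EINVAL;          /* reject before any indexing */
    *out = msg->buf[2];
    return 0;
}

int main(void)
{
    uint8_t ok[3] = { 0x10, 0x20, 0x30 };   /* constructed sample data */
    uint8_t two[2] = { 0x10, 0x20 };
    struct msg_model cases[] = {
        { 0, NULL },   /* the shape described in the CVE text */
        { 2, two },    /* non-NULL but still too short for buf[2] */
        { 3, ok },     /* long enough */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint8_t v = 0;
        int rc = serpar_read_byte2(&cases[i], &v);
        printf("len=%u rc=%d value=0x%02x\n",
               (unsigned)cases[i].len, rc, (unsigned)v);
    }
    return 0;
}
```

Checking the length rather than only the pointer also rejects a non-NULL buffer that is shorter than the index being read.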

Impact Analysis

This vulnerability can cause a denial of service by crashing the Linux kernel when the affected function accesses a null pointer. An attacker controlling the input message could exploit this to cause system instability or crashes, potentially disrupting services relying on the media dvb-frontends driver.

Mitigation Strategies

Apply the patch or update to the fixed version of the Linux kernel that includes the fix for the null pointer dereference in the w7090p tuner driver. This prevents the crash by adding proper checks on msg[0].len. Until then, avoid using the affected media dvb-frontends w7090p driver if possible.
