CVE-2025-38694
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() In dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash. Similar issue occurs when access msg[1].buf[0] and msg[1].buf[1]. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38694
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a null pointer dereference in the Linux kernel's media dvb-frontends component, specifically in the dib7090p_rw_on_apb() function. The issue occurs because the function processes a user-controlled message (msg) without properly checking if certain buffer pointers (msg[0].buf and msg[1].buf) are null before accessing them. If msg[0].buf is null and msg[0].len is zero, the function may attempt to access msg[0].buf[2], causing a null pointer dereference and potentially crashing the system. Similar unsafe accesses happen with msg[1].buf[0] and msg[1].buf[1]. The fix involves adding checks on msg[0].len to prevent these crashes.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to a null pointer dereference when processing certain user-controlled inputs. Such crashes can lead to denial of service (DoS) conditions, potentially disrupting system availability and stability.

Mitigation Strategies

Apply the patch or update to a Linux kernel version that includes the fix for the null pointer dereference in dib7090p_rw_on_apb(). This prevents the crash caused by improper checks on msg[0].buf and msg[1].buf. Until then, avoid using affected media dvb-frontends that rely on dib7090p to reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38694. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart