CVE-2025-38138
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
03/07/2025
Last modified:
17/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
dmaengine: ti: Add NULL check in udma_probe()<br />
<br />
devm_kasprintf() returns NULL when memory allocation fails. Currently,<br />
udma_probe() does not check for this case, which results in a NULL<br />
pointer dereference.<br />
<br />
Add NULL check after devm_kasprintf() to prevent this issue.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.6 (including) | 5.10.239 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.186 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.142 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.94 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.34 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.3 (excluding) |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/643db430f4cbd91dd2b63c49d62d0abb6debc13b
- https://git.kernel.org/stable/c/9f133e04c62246353b8b1f0a679535c65161ebcf
- https://git.kernel.org/stable/c/b79e10050d9d1e200541d25751dd5cb8ec58483c
- https://git.kernel.org/stable/c/bc6ddff79835f71310a21645d8fcf08ec473e969
- https://git.kernel.org/stable/c/d61d5ba5bd5b0e39e30b34dcd92946e084bca0d0
- https://git.kernel.org/stable/c/ec1ea394c40523835bbedd8fc4934b77b461b6fe
- https://git.kernel.org/stable/c/fd447415e74bccd7362f760d4ea727f8e1ebfe91
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html