CVE-2025-38363
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
25/07/2025
Last modified:
16/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/tegra: Fix a possible null pointer dereference<br />
<br />
In tegra_crtc_reset(), new memory is allocated with kzalloc(), but<br />
no check is performed. Before calling __drm_atomic_helper_crtc_reset,<br />
state should be checked to prevent possible null pointer dereference.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3 (including) | 5.10.240 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.187 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.143 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.96 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.36 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.5 (excluding) |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/31ac2c680a8ac11dc54a5b339a07e138bcedd924
- https://git.kernel.org/stable/c/5ff3636bcc32e1cb747f6f820bcf2bb6990a7d41
- https://git.kernel.org/stable/c/780351a5f61416ed2ba1199cc57e4a076fca644d
- https://git.kernel.org/stable/c/99a25fc7933b88d5e16668bf6ba2d098e1754406
- https://git.kernel.org/stable/c/ab390ab81241cf8bf37c0a0ac2e9c6606bf3e991
- https://git.kernel.org/stable/c/ac4ca634f0c9f227538711d725339293f7047b02
- https://git.kernel.org/stable/c/c7fc459ae6f988e0d5045a270bd600ab08bc61f1
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html