CVE-2025-38645
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
22/08/2025
Last modified:
07/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net/mlx5: Check device memory pointer before usage<br />
<br />
Add a NULL check before accessing device memory to prevent a crash if<br />
dev->dm allocation in mlx5_init_once() fails.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4 (including) | 5.15.190 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.148 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.102 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.42 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.16 (including) | 6.16.1 (excluding) |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3046b011d368162b1b9ca9453eee0fea930e0a93
- https://git.kernel.org/stable/c/4249f1307932f1b6bbb8b7eba60d82f0b7e44430
- https://git.kernel.org/stable/c/62d7cf455c887941ed6f105cd430ba04ee0b6c9f
- https://git.kernel.org/stable/c/70f238c902b8c0461ae6fbb8d1a0bbddc4350eea
- https://git.kernel.org/stable/c/9053a69abfb5680c2a95292b96df5d204bc0776f
- https://git.kernel.org/stable/c/da899a1fd7c40e2e4302af1db7d0b8540fb22283
- https://git.kernel.org/stable/c/eebb225fe6c9103293807b8edabcbad59f9589bc
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html