CVE-2025-38053NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference51 documents6 sources
Severity
5.5MEDIUMNVD
OSV3.2
EPSS
0.0%
top 84.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
LinuxLinux KernelDebian Linux+9 more
Timeline
PublishedJun 18
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpf_features_check idpf_features_check is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The value is stored in the adapter structure and to access it, vport pointer is used. During reset all the vports are released and the vport pointer that the netdev private structure points to is NULL. To avoid null-ptr-de

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

NVDlinux/linux_kernel6.76.12.31+2
Debianlinux/linux_kernel< 6.12.32-1+1
Ubuntulinux/linux_kernel< 6.8.0-100.100
CVEListV5linux/linuxa251eee62133774cf35ff829041377e721ef9c8cf6f5e9c8cb680c3cb9771fd9fa114319cbc4f514+3
debiandebian/linux< linux 6.12.32-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

25
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-38053 — NULL Pointer Dereference in Linux | cvebase