CVE-2025-38123NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference53 documents8 sources
Severity
5.5MEDIUMNVD
OSV3.2
EPSS
0.1%
top 77.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedJul 3
Latest updateApr 18

Description

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix napi rx poll issue When driver handles the napi rx polling requests, the netdev might have been released by the dellink logic triggered by the disconnect operation on user plane. However, in the logic of processing skb in polling, an invalid netdev is still being used, which causes a panic. BUG: kernel NULL pointer dereference, address: 00000000000000f1 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:dev_gro_

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages15 packages

NVDlinux/linux_kernel6.26.6.94+2
Debianlinux/linux_kernel< 6.12.35-1+1
Ubuntulinux/linux_kernel< 6.8.0-100.100
CVEListV5linux/linux5545b7b9f294de7f95ec6a7cb1de0db52296001ccc89f457d9133a558d4e8ef26dc20843c2d12073+4

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

26
VulDB
Linux Kernel up to 6.6.93/6.12.33/6.15.2 net dev_gro_receive null pointer dereference (EUVD-2025-19820 / Nessus ID 250016)2026-04-18
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24

📋Vendor Advisories

26
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-38123 — NULL Pointer Dereference in Linux | cvebase