CVE-2025-38284NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference19 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 10
Latest updateDec 3

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also inaccessible via mmap, so only if the bit can be accessible via PCI config API, chip can support 36-bit DMA. Otherwise, fallback to 32-bit DMA. With NULL mmap address, kernel throws trace: BUG: unable

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.116.15.3
Debianlinux/linux_kernel< 6.16.3-1
CVEListV5linux/linux1fd4b3fe52efd5ad1647966f619c10988e7a4457e1e0f046041474004dc6ebce5ce1d3e86556291d+2
debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime vulnerabilities2025-12-03
OSV
linux-raspi vulnerabilities2025-10-08
OSV
linux-oracle-6.14 vulnerabilities2025-10-01
OSV
linux-aws-6.14, linux-hwe-6.14 vulnerabilities2025-09-26
OSV
linux-realtime-6.14 vulnerabilities2025-09-24

📋Vendor Advisories

9
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-10-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-01
Ubuntu
Linux kernel vulnerabilities2025-09-26
Ubuntu
Linux kernel vulnerabilities2025-09-25
Ubuntu
Linux kernel (OEM) vulnerabilities2025-09-24
CVE-2025-38284 — NULL Pointer Dereference in Linux | cvebase