CVE-2025-38381NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-908Use of Uninitialized Resource18 documents7 sources
Severity
5.5MEDIUMNVD
OSV5.6
EPSS
0.0%
top 95.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJul 25
Latest updateNov 4

Description

In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for allocation failure, which could lead to a NULL pointer dereference. Return -ENOMEM in case allocation fails.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

NVDlinux/linux_kernel6.116.12.37+2
Debianlinux/linux_kernel< 6.12.37-1+1
CVEListV5linux/linuxc38fe1bb5d21c2ce0857965ee06174ee587d6b42ea20568895c1122f15b6fc9e8d02c6cbe22964f8+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux-hwe-6.14 vulnerabilities2025-11-04
OSV
linux-gcp-6.14 vulnerabilities2025-10-31
OSV
linux-aws-6.14 vulnerabilities2025-10-24
OSV
linux-realtime-6.14 vulnerabilities2025-10-22
OSV
linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14 vulnerabilities2025-10-22

📋Vendor Advisories

9
Ubuntu
Linux kernel (HWE) vulnerabilities2025-11-04
Ubuntu
Linux kernel (GCP) vulnerabilities2025-10-31
Ubuntu
Linux kernel (AWS) vulnerabilities2025-10-24
Ubuntu
Linux kernel (Azure) vulnerabilities2025-10-22
Ubuntu
Linux kernel (Real-time) vulnerabilities2025-10-22
CVE-2025-38381 — NULL Pointer Dereference in Linux | cvebase