CVE-2025-38516 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 16
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
On some platforms, the UFS-reset pin has no interrupt logic in TLMM but
is nevertheless registered as a GPIO in the kernel. This enables the
user-space to trigger a BUG() in the pinctrl-msm driver by running, for
example: `gpiomon -c 0 113` on RB2.
The exact culprit is requesting pins whose intr_detection_width setting
is not 1 or 2 for interrupts. This hits a BU…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linuxf365be0925729508fd8e62f8bdb504ef896cb6e0 — 6a89563ccf9cd0d745e2291302878a061508573f+8
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-38516: In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms,↗2025-08-16
GHSA▶
GHSA-3f8h-fgg5-j8hm: In the Linux kernel, the following vulnerability has been resolved:
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
On some platform↗2025-08-16