CVE-2025-38558 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference16 documents6 sources

Severity

5.5MEDIUMNVD

OSV3.2

EPSS

0.0%

top 97.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedAug 19

Latest updateDec 15

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca ("usb: gadget: uvc: Allow creating new color matching descriptors") that added handling for uncompressed and mjpeg format. Crash is seen when userspace configuration (via configfs) does not explicitl…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.13 — 6.15.10+1

▶Debianlinux/linux_kernel< 6.16.3-1

▶CVEListV5linux/linux7b5a58952fc3b51905c2963647485565df1e5e26 — 6db61c1aa23075eeee90e083ca3f6567a5635da6+3

▶debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-azure, linux-azure-6.14 vulnerabilities↗2025-12-15

▶

OSV

linux-gcp-6.14, linux-raspi vulnerabilities↗2025-12-04

▶

OSV

linux-aws-6.14, linux-oracle-6.14 vulnerabilities↗2025-11-26

▶

OSV

linux-oem-6.14 vulnerabilities↗2025-11-21

▶

OSV

linux, linux-aws, linux-gcp, linux-hwe-6.14, linux-oracle, linux-realtime vulnerabilities↗2025-11-21

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-12-15

▶

Ubuntu

Linux kernel vulnerabilities↗2025-12-04

▶

Ubuntu

Linux kernel vulnerabilities↗2025-11-26

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2025-11-21

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2025-11-21

▶