CVE-2025-38597NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedAug 19

Description

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to find one designated as primary-plane and usable by that specific port. The code later wants to use drm_crtc_init_with_planes with that found primary plane, but nothing has checked so far if a primary pla

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel5.196.15.10+1
Debianlinux/linux_kernel< 6.16.3-1
CVEListV5linux/linux604be85547ce4d61b89292d2f9a78c721b778c16e1eef239399927b368f70a716044fb10085627c8+3
debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-crhg-x4f2-mvmv: In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Eac2025-08-19
OSV
CVE-2025-38597: In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each2025-08-19

📋Vendor Advisories

3
Red Hat
kernel: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port2025-08-19
Microsoft
drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port2025-08-12
Debian
CVE-2025-38597: linux - In the Linux kernel, the following vulnerability has been resolved: drm/rockchi...2025