CVE-2025-38630 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 22
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot
allocate a struct fb_modelist. If that happens, the modelist stays empty but
the driver continues to register. Add a check for its return value to prevent
poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev:
Fix do_register_framebuffer to prevent null-ptr-deref in…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c — 69373502c2b5d364842c702c941d1171e4f35a7c+9
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-38630: In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode()↗2025-08-22
GHSA▶
GHSA-fwmh-rv23-rjr3: In the Linux kernel, the following vulnerability has been resolved:
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
fb_add_videomode(↗2025-08-22