CVE-2025-38664 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference CWE-667 — Improper Locking36 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 96.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedAug 22

Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel5.4 — 5.4.297+7

▶Debianlinux/linux_kernel< 5.10.244-1+3

▶CVEListV5linux/linuxc7648810961682b9388be2dd041df06915647445 — 35370d3b44efe194fd5ad55bac987e629597d782+8

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-j7mj-6w2q-p8rp: In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the↗2025-08-22

▶

CVEList

ice: Fix a null pointer dereference in ice_copy_and_init_pkg()↗2025-08-22

▶

OSV

CVE-2025-38664: In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the r↗2025-08-22

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Xilinx) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2026-02-24

▶