CVE-2025-38007

Severity: MEDIUM · CVSS 3.1: 5.5 · EPSS: 5.4%
Published Jun 18, 2025 (1y ago) · Last Modified Jun 17, 2026 (1w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: uclogic: Add NULL check in uclogic_input_configured()

devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL pointer dereference.

Add NULL check after devm_kasprintf() to prevent this issue.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability 5.4% percentile
Exploit & Patch Status No Known Exploit · Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.1.53 – <6.1.140
linux   linux_kernel  *        ≥6.4.16 – <6.5
linux   linux_kernel  *        ≥6.5.3 – <6.6.92
linux   linux_kernel  *        ≥6.7 – <6.12.30
linux   linux_kernel  *        ≥6.13 – <6.14.8
linux   linux_kernel  6.15     any
linux   linux_kernel  6.15     any
linux   linux_kernel  6.15     any
linux   linux_kernel  6.15     any
linux   linux_kernel  6.15     any
linux   linux_kernel  6.15     any
debian  debian_linux  11.0     any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/00d52b2fa6083dd0f5c44f3604cd1bad1f9177dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9f58479a1a2c6f72907679c4df2f4ed92b05b39
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/00d52b2fa6083dd0f5c44f3604cd1bad1f9177dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9f58479a1a2c6f72907679c4df2f4ed92b05b39
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e
    Patch