CVE-2025-38274
MEDIUM EPSS 5.1%
Published Jul 10, 202511mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Jul 10, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference. Fix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/6ebf1982038af12f3588417e4fd0417d2551da28
- git.kernel.org https://git.kernel.org/stable/c/8b2230ac7ff0aeb2441132df638a82ab124f8624
- git.kernel.org https://git.kernel.org/stable/c/e69e2cfd8b38d9463a250e153ef4963a604d61e9
- git.kernel.org https://git.kernel.org/stable/c/eb4c74eaa6e2d15f3bbd32941c9d2a25b29a718d
Remediation
- git.kernel.org https://git.kernel.org/stable/c/6ebf1982038af12f3588417e4fd0417d2551da28
- git.kernel.org https://git.kernel.org/stable/c/8b2230ac7ff0aeb2441132df638a82ab124f8624
- git.kernel.org https://git.kernel.org/stable/c/e69e2cfd8b38d9463a250e153ef4963a604d61e9
- git.kernel.org https://git.kernel.org/stable/c/eb4c74eaa6e2d15f3bbd32941c9d2a25b29a718d