CVE-2025-38363

MEDIUM EPSS 6.3%
Published Jul 25, 202511mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 25, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix a possible null pointer dereference In tegra_crtc_reset(), new memory is allocated with kzalloc(), but no check is performed. Before calling __drm_atomic_helper_crtc_reset, state should be checked to prevent possible null pointer dereference.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥5.3  –  <5.10.240
linuxlinux_kernel*≥5.11  –  <5.15.187
linuxlinux_kernel*≥5.16  –  <6.1.143
linuxlinux_kernel*≥6.2  –  <6.6.96
linuxlinux_kernel*≥6.7  –  <6.12.36
linuxlinux_kernel*≥6.13  –  <6.15.5
debiandebian_linux11.0any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/31ac2c680a8ac11dc54a5b339a07e138bcedd924
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ff3636bcc32e1cb747f6f820bcf2bb6990a7d41
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/780351a5f61416ed2ba1199cc57e4a076fca644d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99a25fc7933b88d5e16668bf6ba2d098e1754406
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab390ab81241cf8bf37c0a0ac2e9c6606bf3e991
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac4ca634f0c9f227538711d725339293f7047b02
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7fc459ae6f988e0d5045a270bd600ab08bc61f1
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/31ac2c680a8ac11dc54a5b339a07e138bcedd924
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ff3636bcc32e1cb747f6f820bcf2bb6990a7d41
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/780351a5f61416ed2ba1199cc57e4a076fca644d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99a25fc7933b88d5e16668bf6ba2d098e1754406
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab390ab81241cf8bf37c0a0ac2e9c6606bf3e991
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac4ca634f0c9f227538711d725339293f7047b02
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7fc459ae6f988e0d5045a270bd600ab08bc61f1
    Patch