CVE-2025-38138 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/643db430f4cbd91dd2b63c49d62d0abb6debc13b
https://git.kernel.org/stable/c/9f133e04c62246353b8b1f0a679535c65161ebcf
https://git.kernel.org/stable/c/b79e10050d9d1e200541d25751dd5cb8ec58483c
https://git.kernel.org/stable/c/bc6ddff79835f71310a21645d8fcf08ec473e969
https://git.kernel.org/stable/c/d61d5ba5bd5b0e39e30b34dcd92946e084bca0d0
https://git.kernel.org/stable/c/ec1ea394c40523835bbedd8fc4934b77b461b6fe
https://git.kernel.org/stable/c/fd447415e74bccd7362f760d4ea727f8e1ebfe91
https://lore.kernel.org/linux-cve-announce/2025070332-CVE-2025-38138-e28b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38138
https://www.cve.org/CVERecord?id=CVE-2025-38138

History

Fri, 04 Jul 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025070332-CVE-2025-38138-e28b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38138 https://www.cve.org/CVERecord?id=CVE-2025-38138
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Thu, 03 Jul 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.
Title		dmaengine: ti: Add NULL check in udma_probe()
References		https://git.kernel.org/stable/c/643db430f4cbd91dd2b63c49d62d0abb6debc13b https://git.kernel.org/stable/c/9f133e04c62246353b8b1f0a679535c65161ebcf https://git.kernel.org/stable/c/b79e10050d9d1e200541d25751dd5cb8ec58483c https://git.kernel.org/stable/c/bc6ddff79835f71310a21645d8fcf08ec473e969 https://git.kernel.org/stable/c/d61d5ba5bd5b0e39e30b34dcd92946e084bca0d0 https://git.kernel.org/stable/c/ec1ea394c40523835bbedd8fc4934b77b461b6fe https://git.kernel.org/stable/c/fd447415e74bccd7362f760d4ea727f8e1ebfe91

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-03T08:35:40.499Z

Updated: 2025-07-28T04:13:16.378Z

Reserved: 2025-04-16T04:51:23.987Z

Link: CVE-2025-38138

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-03T09:15:28.360

Modified: 2025-07-03T15:13:53.147

Link: CVE-2025-38138

Redhat

Severity : Moderate

Publid Date: 2025-07-03T00:00:00Z

Links: CVE-2025-38138 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object