CVE-2025-38143 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1be2000b703b02e149f8f2061054489f6c18c972
https://git.kernel.org/stable/c/21528806560510458378ea52c37e35b0773afaea
https://git.kernel.org/stable/c/4a715be3fe80b68fa55cb3569af3d294be101626
https://git.kernel.org/stable/c/6a56446595730a5e3f06a30902e23cb037d28146
https://git.kernel.org/stable/c/9d06ac32c202142da40904180f2669ed4f5073ac
https://git.kernel.org/stable/c/e12d3e1624a02706cdd3628bbf5668827214fa33
https://git.kernel.org/stable/c/fde314445332015273c8f51d2659885c606fe135
https://lore.kernel.org/linux-cve-announce/2025070334-CVE-2025-38143-09c4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38143
https://www.cve.org/CVERecord?id=CVE-2025-38143

History

Fri, 04 Jul 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025070334-CVE-2025-38143-09c4@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38143 https://www.cve.org/CVERecord?id=CVE-2025-38143
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 03 Jul 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.
Title		backlight: pm8941: Add NULL check in wled_configure()
References		https://git.kernel.org/stable/c/1be2000b703b02e149f8f2061054489f6c18c972 https://git.kernel.org/stable/c/21528806560510458378ea52c37e35b0773afaea https://git.kernel.org/stable/c/4a715be3fe80b68fa55cb3569af3d294be101626 https://git.kernel.org/stable/c/6a56446595730a5e3f06a30902e23cb037d28146 https://git.kernel.org/stable/c/9d06ac32c202142da40904180f2669ed4f5073ac https://git.kernel.org/stable/c/e12d3e1624a02706cdd3628bbf5668827214fa33 https://git.kernel.org/stable/c/fde314445332015273c8f51d2659885c606fe135

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-03T08:35:44.224Z

Updated: 2025-07-28T04:13:23.772Z

Reserved: 2025-04-16T04:51:23.987Z

Link: CVE-2025-38143

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-03T09:15:29.017

Modified: 2025-07-03T15:13:53.147

Link: CVE-2025-38143

Redhat

Severity : Moderate

Publid Date: 2025-07-03T00:00:00Z

Links: CVE-2025-38143 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object