5.5
CVE-2025-37971
- EPSS 0.15%
- Veröffentlicht 20.05.2025 16:47:17
- Zuletzt bearbeitet 14.11.2025 17:02:19
- CVE-Watchlists
- Unerledigt
staging: bcm2835-camera: Initialise dev in v4l2_dev
In the Linux kernel, the following vulnerability has been resolved:
staging: bcm2835-camera: Initialise dev in v4l2_dev
Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to
vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to
vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got
a NULL pointer dereference.
Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer
could be passed into v4l2_device_register to set it, however that also
has other effects that would need additional changes.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.10 < 6.12.29
Linux ≫ Linux Kernel Version >= 6.13 < 6.14.7
Linux ≫ Linux Kernel Version6.15 Updaterc1
Linux ≫ Linux Kernel Version6.15 Updaterc2
Linux ≫ Linux Kernel Version6.15 Updaterc3
Linux ≫ Linux Kernel Version6.15 Updaterc4
Linux ≫ Linux Kernel Version6.15 Updaterc5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.042 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/06753f49336ab161ea0e249a0720125b81b7b31b
https://git.kernel.org/stable/c/b70bdd4923e8b8edbacde2af83ca337bb7005261
https://git.kernel.org/stable/c/98698ca0e58734bc5c1c24e5bbc7429f981cd186