5.5

CVE-2025-38122

gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO

In the Linux kernel, the following vulnerability has been resolved:

gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO

gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()
did not check for this case before dereferencing the returned pointer.

Add a missing NULL check to prevent a potential NULL pointer
dereference when allocation fails.

This improves robustness in low-memory scenarios.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.14 < 5.15.186
LinuxLinux Kernel Version >= 5.16 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.94
LinuxLinux Kernel Version >= 6.7 < 6.12.34
LinuxLinux Kernel Version >= 6.13 < 6.15.3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.051
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/ae98a1787fdcb0096d122bc80d93c3c7d812c04b
Patch
https://git.kernel.org/stable/c/2e5ead9e4e91fbe7799bd38afd8904543be1cb51
Patch
https://git.kernel.org/stable/c/7f6265fce3bd424ded666481b37f106d7915fb6b
Patch
https://git.kernel.org/stable/c/a0319c9b1648a67511e947a596ca86888451c0a7
Patch
https://git.kernel.org/stable/c/c741a7ef68023ac800054e2131c3e22e647fd7e3
Patch
https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory