5.5

CVE-2025-38274

fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()

In the Linux kernel, the following vulnerability has been resolved:

fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()

fpga_mgr_test_img_load_sgt() allocates memory for sgt using
kunit_kzalloc() however it does not check if the allocation failed.
It then passes sgt to sg_alloc_table(), which passes it to
__sg_alloc_table(). This function calls memset() on sgt in an attempt to
zero it out. If the allocation fails then sgt will be NULL and the
memset will trigger a NULL pointer dereference.

Fix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.6 < 6.6.94
LinuxLinux Kernel Version >= 6.7 < 6.12.34
LinuxLinux Kernel Version >= 6.13 < 6.15.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/e69e2cfd8b38d9463a250e153ef4963a604d61e9
Patch
https://git.kernel.org/stable/c/8b2230ac7ff0aeb2441132df638a82ab124f8624
Patch
https://git.kernel.org/stable/c/eb4c74eaa6e2d15f3bbd32941c9d2a25b29a718d
Patch
https://git.kernel.org/stable/c/6ebf1982038af12f3588417e4fd0417d2551da28
Patch