5.5
CVE-2025-38301
- EPSS 0.14%
- Veröffentlicht 10.07.2025 07:42:13
- Zuletzt bearbeitet 19.11.2025 20:13:48
- CVE-Watchlists
- Unerledigt
nvmem: zynqmp_nvmem: unbreak driver after cleanup
In the Linux kernel, the following vulnerability has been resolved:
nvmem: zynqmp_nvmem: unbreak driver after cleanup
Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup")
changed the driver to expect the device pointer to be passed as the
"context", but in nvmem the context parameter comes from nvmem_config.priv
which is never set - Leading to null pointer exceptions when the device is
accessed.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.9 < 6.12.34
Linux ≫ Linux Kernel Version >= 6.13 < 6.15.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.039 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/c8bb1bcea877446f86922a8fd1661b8c07d90e5c
https://git.kernel.org/stable/c/3728101f56ef54425a11027a3ddc2c3941d60b71
https://git.kernel.org/stable/c/fe8abdd175d7b547ae1a612757e7902bcd62e9cf