-

CVE-2025-38693

EPSS 0.05%
Veröffentlicht 04.09.2025 15:32:46
Zuletzt bearbeitet 05.09.2025 17:47:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar

In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add
check on msg[0].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 7a41ecfc3415ebe3b4c44f96b3337691dcf431a3

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < b3d77a3fc71c084575d3df4ec6544b3fb6ce587d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 17b30e5ded062bd74f8ca6f317e1d415a8680665

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 454a443eaa792c8865c861a282fe6d4f596abc3a

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6bbaec6a036940e22318f0454b50b8000845ab59

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < f98132a59ccc59a8b97987363bc99c8968934756

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 99690a494d91a0dc86cebd628da4c62c40552bcb

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 39b06b93f24dff923c4183d564ed28c039150554

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < ed0234c8458b3149f15e496b48a1c9874dd24a1b

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3

https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d

https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665

https://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a

https://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59

https://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756

https://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb

https://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554

https://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b

https://nvd.nist.gov/vuln/detail/CVE-2025-38693

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38693

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38693

EUVD