SB2025070549 - Use of uninitialized resource in Linux kernel usb dvb-usb driver
Published: July 5, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2025-38229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/04354c529c8246a38ae28f713fd6bfdc028113bc
- https://git.kernel.org/stable/c/390b864e3281802109dfe56e508396683e125653
- https://git.kernel.org/stable/c/41807a5f67420464ac8ee7741504f6b5decb3b7c
- https://git.kernel.org/stable/c/73fb3b92da84637e3817580fa205d48065924e15
- https://git.kernel.org/stable/c/84eca597baa346f09b30accdaeca10ced3eeba2d
- https://git.kernel.org/stable/c/8b35b50b7e98d8e9a0a27257c8424448afae10de
- https://git.kernel.org/stable/c/9bff888c92f5c25effbb876d22a793c2388c1ccc