Use of uninitialized resource in Linux kernel usb dvb-usb driver

Published: 2025-07-05

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-38229
CWE-ID	CWE-908
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use of uninitialized resource

EUVDB-ID: #VU112321

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38229

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/04354c529c8246a38ae28f713fd6bfdc028113bc
https://git.kernel.org/stable/c/390b864e3281802109dfe56e508396683e125653
https://git.kernel.org/stable/c/41807a5f67420464ac8ee7741504f6b5decb3b7c
https://git.kernel.org/stable/c/73fb3b92da84637e3817580fa205d48065924e15
https://git.kernel.org/stable/c/84eca597baa346f09b30accdaeca10ced3eeba2d
https://git.kernel.org/stable/c/8b35b50b7e98d8e9a0a27257c8424448afae10de
https://git.kernel.org/stable/c/9bff888c92f5c25effbb876d22a793c2388c1ccc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.