SB2025071115 - NULL pointer dereference in Linux kernel phy qualcomm driver
Published: July 11, 2025
Security Bulletin ID
SB2025071115
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38275)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0b979a409e40457ca1b5cb48755d1f34eee58805
- https://git.kernel.org/stable/c/0c33117f00c8c5363c22676931b22ae5041f7603
- https://git.kernel.org/stable/c/127dfb4f1c5a2b622039c5d203f321380ea36665
- https://git.kernel.org/stable/c/5072c1749197fc28b27d7efc0d80320d7cac9572
- https://git.kernel.org/stable/c/d14402a38c2d868cacb1facaf9be908ca6558e59