SB2025090477 - NULL pointer dereference in Linux kernel net usb driver
Published: September 4, 2025
Security Bulletin ID
SB2025090477
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38725)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ax88772_init_mdio() function in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4faff70959d51078f9ee8372f8cff0d7045e4114
- https://git.kernel.org/stable/c/59ed6fbdb1bc03316e09493ffde7066f031c7524
- https://git.kernel.org/stable/c/75947d3200de98a9ded9ad8972e02f1a177097fe
- https://git.kernel.org/stable/c/a754ab53993b1585132e871c5d811167ad3c52ff
- https://git.kernel.org/stable/c/ad1f8313aeec0115f9978bd2d002ef4a8d96c773
- https://git.kernel.org/stable/c/ccef5ee4adf56472aa26bdd1f821a6d0cd06089a
- https://git.kernel.org/stable/c/ee2cd40b0bb46056949a2319084a729d95389386