#VU111555 NULL pointer dereference in Linux kernel - CVE-2025-38035
Published: June 20, 2025
Vulnerability identifier: #VU111555
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38035
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/17e58be5b49f58bf17799a504f55c2d05ab2ecdc
- https://git.kernel.org/stable/c/3a982ada411b8c52695f1784c3f4784771f30209
- https://git.kernel.org/stable/c/46d22b47df2741996af277a2838b95f130436c13
- https://git.kernel.org/stable/c/6265538446e2426f4bf3b57e91d7680b2047ddd9
- https://git.kernel.org/stable/c/a21cb31642ffc84ca4ce55028212a96f72f54d30
- https://git.kernel.org/stable/c/c240375587ddcc80e1022f52ee32b946bbc3a639
- https://git.kernel.org/stable/c/ec462449f4cf616b0aa2ed119f5f44b5fdfcefab
- https://git.kernel.org/stable/c/fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e