#VU111557 NULL pointer dereference in Linux kernel - CVE-2025-38034
Published: June 20, 2025
Vulnerability identifier: #VU111557
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38034
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/0528bba48dce7820d2da72e1a114e1c4552367eb
- https://git.kernel.org/stable/c/137bfa08c6441f324d00692d1e9d22cfd773329b
- https://git.kernel.org/stable/c/5755b6731655e248c4f1d52a2e1b18795b4a2a3a
- https://git.kernel.org/stable/c/7a97f961a568a8f72472dc804af02a0f73152c5f
- https://git.kernel.org/stable/c/7f7c8c03feba5f2454792fab3bb8bd45bd6883f9
- https://git.kernel.org/stable/c/a641154cedf9d69730f8af5d0a901fe86e6486bd
- https://git.kernel.org/stable/c/a876703894a6dd6e8c04b0635d86e9f7a7c81b79
- https://git.kernel.org/stable/c/bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e