#VU112306 NULL pointer dereference in Linux kernel - CVE-2025-38197
Published: July 5, 2025
Vulnerability identifier: #VU112306
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38197
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/07d7b8e7ef7d1f812a6211ed531947c56d09e95e
- https://git.kernel.org/stable/c/32d05e6cc3a7bf6c8f16f7b7ef8fe80eca0c233e
- https://git.kernel.org/stable/c/4d71f2c1e5263a9f042faa71d59515709869dc79
- https://git.kernel.org/stable/c/5e8c658acd1b7c186aeffa46bf08795e121f401a
- https://git.kernel.org/stable/c/61ce04601e0d8265ec6d2ffa6df5a7e1bce64854
- https://git.kernel.org/stable/c/a7b477b64ef5e37cb08dd536ae07c46f9f28262e
- https://git.kernel.org/stable/c/f3b840fb1508a80cd8a0efb5c886ae1995a88b24