#VU112311 NULL pointer dereference in Linux kernel - CVE-2025-38184
Published: July 5, 2025
Vulnerability identifier: #VU112311
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38184
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/05d332ba075753d569d66333d62d60fff5f57ad8
- https://git.kernel.org/stable/c/0d3d91c3500f0c480e016faa4e2259c588616e59
- https://git.kernel.org/stable/c/0f4a72fb266e48dbe928e1d936eab149e4ac3e1b
- https://git.kernel.org/stable/c/3998283e4c32c0fe69edd59b0876c193f50abce6
- https://git.kernel.org/stable/c/8595350615f952fcf8bc861464a6bf6b1129af50
- https://git.kernel.org/stable/c/c2e17984752b9131061d1a2ca1199da2706337fd
- https://git.kernel.org/stable/c/d3dfe821dfe091c0045044343c8d86596d66e2cf
- https://git.kernel.org/stable/c/f82727adcf2992822e12198792af450a76ebd5ef