#VU113389 NULL pointer dereference in Linux kernel - CVE-2025-38468
Published: July 29, 2025
Vulnerability identifier: #VU113389
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38468
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/0e1d5d9b5c5966e2e42e298670808590db5ed628
- https://git.kernel.org/stable/c/3691f84269a23f7edd263e9b6edbc27b7ae332f4
- https://git.kernel.org/stable/c/7ff2d83ecf2619060f30ecf9fad4f2a700fca344
- https://git.kernel.org/stable/c/890a5d423ef0a7bd13447ceaffad21189f557301
- https://git.kernel.org/stable/c/e5c480dc62a3025b8428d4818e722da30ad6804f