CVE-2025-37910

MEDIUM

Linux Kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call __handle_signal_outputs() or __handle_signal_inputs() while the `irig` and `dcf` pointers are uninitialized, leading to a NULL pointer dereference in __handle_signal() and causing a kernel crash. Adva boards don't use `irig` or `dcf` functionality, so add Adva-specific callbacks `ptp_ocp_sma_adva_set_outputs()` and `ptp_ocp_sma_adva_set_inputs()` that avoid invoking `irig` or `dcf` input/output routines.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/8a543d825e78b8d680d8f891381b83fbffdb0bb6

Patch

https://git.kernel.org/stable/c/5b349f9cdb4a9daa133bea267dfc0c383628387a

Patch

https://git.kernel.org/stable/c/e98386d79a23c57cf179fe4138322e277aa3aa74

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.13.0 - 6.14.6linux

linux/Kernel 6.9.0 - 6.12.28linux

Linux/Linux < 6.9

Linux/Linux 6.12.28 - 6.12.*

Linux/Linux 6.14.6 - 6.14.*

Linux/Linux 6.15

Linux/Linux 6.9

Linux/Linux ef61f5528fca6c3bbb2f8bc002fd1949c9d1f9b9 - 5b349f9cdb4a9daa133bea267dfc0c383628387a

Linux/Linux ef61f5528fca6c3bbb2f8bc002fd1949c9d1f9b9 - 8a543d825e78b8d680d8f891381b83fbffdb0bb6

Linux/Linux ef61f5528fca6c3bbb2f8bc002fd1949c9d1f9b9 - e98386d79a23c57cf179fe4138322e277aa3aa74

... and 2 more

Published May 20, 2025

Tracked Since Feb 18, 2026