CVE-2025-38122

MEDIUM

Linux Kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails. This improves robustness in low-memory scenarios.

References (7)

Core 7

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Patch

https://git.kernel.org/stable/c/ae98a1787fdcb0096d122bc80d93c3c7d812c04b

Patch

https://git.kernel.org/stable/c/2e5ead9e4e91fbe7799bd38afd8904543be1cb51

Patch

https://git.kernel.org/stable/c/7f6265fce3bd424ded666481b37f106d7915fb6b

Patch

https://git.kernel.org/stable/c/a0319c9b1648a67511e947a596ca86888451c0a7

Patch

https://git.kernel.org/stable/c/c741a7ef68023ac800054e2131c3e22e647fd7e3

Patch

https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (21)

debian/debian_linux 11.0

linux/Kernel 5.14.0 - 5.15.186linux

linux/Kernel 5.16.0 - 6.1.142linux

linux/Kernel 6.13.0 - 6.15.3linux

linux/Kernel 6.2.0 - 6.6.94linux

linux/Kernel 6.7.0 - 6.12.34linux

Linux/Linux < 5.14

Linux/Linux 5.14

Linux/Linux 5.15.186 - 5.15.*

Linux/Linux 6.1.142 - 6.1.*

... and 11 more

Published Jul 03, 2025

Tracked Since Feb 18, 2026