CVE-2025-38130

MEDIUM

Linux Kernel 6.14-6.15.3 - Null Pointer Dereference in HDMI Audio Helper

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/connector: only call HDMI audio helper plugged cb if non-null On driver remove, sound/soc/codecs/hdmi-codec.c calls the plugged_cb with NULL as the callback function and codec_dev, as seen in its hdmi_remove function. The HDMI audio helper then happily tries calling said null function pointer, and produces an Oops as a result. Fix this by only executing the callback if fn is non-null. This means the .plugged_cb and .plugged_cb_dev members still get appropriately cleared.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/933f3eab1d489af8d734bff855b10d29dd5968a4

Patch

https://git.kernel.org/stable/c/be9b3f9a54101c19226c25ba7163d291183777a0

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (8)

linux/Kernel 6.14.0 - 6.15.3linux

Linux/Linux < 6.14

Linux/Linux 6.14

Linux/Linux 6.15.3 - 6.15.*

Linux/Linux 6.16

Linux/Linux baf616647fe6f857a0cf2187197de31e9bb17a71 - 933f3eab1d489af8d734bff855b10d29dd5968a4

Linux/Linux baf616647fe6f857a0cf2187197de31e9bb17a71 - be9b3f9a54101c19226c25ba7163d291183777a0

linux/linux_kernel 6.14 - 6.15.3

Published Jul 03, 2025

Tracked Since Feb 18, 2026