CVE-2025-38208

MEDIUM

Linux kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential NULL pointer dereference.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/37166d63e42c34846a16001950ecec96229a8d17

Patch

https://git.kernel.org/stable/c/a9e916fa5c7d0ec2256aa44aa24ddd92f529ce35

Patch

https://git.kernel.org/stable/c/cce8e71ca1f7ad9045707f0d22490c1e9ed1df6c

Patch

https://git.kernel.org/stable/c/f1e7a277a1736e12cc4bd6d93b8a5c439b8ca20c

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (16)

linux/Kernel 6.13.0 - 6.15.4linux

linux/Kernel 6.3.0 - 6.6.95linux

linux/Kernel 6.7.0 - 6.12.35linux

Linux/Linux < 6.3

Linux/Linux 6.12.35 - 6.12.*

Linux/Linux 6.15.4 - 6.15.*

Linux/Linux 6.16

Linux/Linux 6.2.13 - 6.3

Linux/Linux 6.3

Linux/Linux 6.6.95 - 6.6.*

... and 6 more

Published Jul 04, 2025

Tracked Since Feb 18, 2026