CVE-2025-38381

MEDIUM

Linux Kernel 6.11-6.12.36 - NULL Pointer Dereference in cs40l50_upload_owt()

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for allocation failure, which could lead to a NULL pointer dereference. Return -ENOMEM in case allocation fails.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 3.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (12)
linux/Kernel 6.11.0 - 6.12.37linux
linux/Kernel 6.13.0 - 6.15.6linux
Linux/Linux < 6.11
Linux/Linux 6.11
Linux/Linux 6.12.37 - 6.12.*
Linux/Linux 6.15.6 - 6.15.*
Linux/Linux 6.16
Linux/Linux c38fe1bb5d21c2ce0857965ee06174ee587d6b42 - 4cf65845fdd09d711fc7546d60c9abe010956922
Linux/Linux c38fe1bb5d21c2ce0857965ee06174ee587d6b42 - e87fc697fa4be5164e47cfba4ddd4732499adc60
Linux/Linux c38fe1bb5d21c2ce0857965ee06174ee587d6b42 - ea20568895c1122f15b6fc9e8d02c6cbe22964f8
... and 2 more
Published Jul 25, 2025
Tracked Since Feb 18, 2026