CVE-2025-38629

MEDIUM

Linux Kernel 6.13-6.15.9, 6.16.0 - NULL Pointer Dereference in ALSA USB Scarlett2 Input Select Control

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 3.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (11)
linux/Kernel 6.13.0 - 6.15.10linux
linux/Kernel 6.16.0 - 6.16.1linux
Linux/Linux < 6.13
Linux/Linux 6.13
Linux/Linux 6.15.10 - 6.15.*
Linux/Linux 6.16.1 - 6.16.*
Linux/Linux 6.17
Linux/Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 - 2c735fcaee81ad8056960659dc9dc460891e76b0
Linux/Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 - d558db85920b124bac36f8a7ddc5de0aa7491bdd
Linux/Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 - df485a4b2b3ee5b35c80f990beb554e38a8a5fb1
... and 1 more
Published Aug 22, 2025
Tracked Since Feb 18, 2026