CVE-2025-38007

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b	Patch
https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf	Patch
https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9	Patch
https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590	Patch
https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e	Patch
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc6::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

17 Dec 2025, 19:55

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b -~~	() https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b - Patch
References	~~() https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf -~~	() https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf - Patch
References	~~() https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9 -~~	() https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9 - Patch
References	~~() https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590 -~~	() https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590 - Patch
References	~~() https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e -~~	() https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html -~~	() https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html - Third Party Advisory
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel:6.15:rc5:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
First Time		Linux Debian Debian debian Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: uclogic: Añadir comprobación de valores NULL en uclogic_input_configured(). Devm_kasprintf() devuelve NULL cuando falla la asignación de memoria. Actualmente, uclogic_input_configured() no comprueba este caso, lo que provoca una desreferencia de puntero NULL. Añadir comprobación de valores NULL después de devm_kasprintf() para evitar este problema.

18 Jun 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 10:15

Updated : 2025-12-17 19:55

NVD link : CVE-2025-38007

Mitre link : CVE-2025-38007

CVE.ORG link : CVE-2025-38007

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10