CVE-2025-38135

In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/19fd9f5a69363d33079097d866eb6082d61bf31d	Patch
https://git.kernel.org/stable/c/548b0e81b9a0902a8bc8259430ed965663baadfc	Patch
https://git.kernel.org/stable/c/81159a6b064142b993f2f39828b77e199c77872a	Patch
https://git.kernel.org/stable/c/86bcae88c9209e334b2f8c252f4cc66beb261886	Patch
https://git.kernel.org/stable/c/a05ebe384c7ca75476453f3070c67d9cf1d1a89f	Patch
https://git.kernel.org/stable/c/a6c7c365734cd0fa1c5aa225a6294fdf80cad2ea	Patch
https://git.kernel.org/stable/c/c23d87b43f7dba5eb12820f6cf21a1cd4f63eb3d	Patch
https://git.kernel.org/stable/c/e1b144aebe6fb898d96ced8c990d7aa38fda4a7a	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

17 Dec 2025, 18:12

Type	Values Removed	Values Added
CWE		CWE-476
First Time		Linux Debian Debian debian Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/19fd9f5a69363d33079097d866eb6082d61bf31d -~~	() https://git.kernel.org/stable/c/19fd9f5a69363d33079097d866eb6082d61bf31d - Patch
References	~~() https://git.kernel.org/stable/c/548b0e81b9a0902a8bc8259430ed965663baadfc -~~	() https://git.kernel.org/stable/c/548b0e81b9a0902a8bc8259430ed965663baadfc - Patch
References	~~() https://git.kernel.org/stable/c/81159a6b064142b993f2f39828b77e199c77872a -~~	() https://git.kernel.org/stable/c/81159a6b064142b993f2f39828b77e199c77872a - Patch
References	~~() https://git.kernel.org/stable/c/86bcae88c9209e334b2f8c252f4cc66beb261886 -~~	() https://git.kernel.org/stable/c/86bcae88c9209e334b2f8c252f4cc66beb261886 - Patch
References	~~() https://git.kernel.org/stable/c/a05ebe384c7ca75476453f3070c67d9cf1d1a89f -~~	() https://git.kernel.org/stable/c/a05ebe384c7ca75476453f3070c67d9cf1d1a89f - Patch
References	~~() https://git.kernel.org/stable/c/a6c7c365734cd0fa1c5aa225a6294fdf80cad2ea -~~	() https://git.kernel.org/stable/c/a6c7c365734cd0fa1c5aa225a6294fdf80cad2ea - Patch
References	~~() https://git.kernel.org/stable/c/c23d87b43f7dba5eb12820f6cf21a1cd4f63eb3d -~~	() https://git.kernel.org/stable/c/c23d87b43f7dba5eb12820f6cf21a1cd4f63eb3d - Patch
References	~~() https://git.kernel.org/stable/c/e1b144aebe6fb898d96ced8c990d7aa38fda4a7a -~~	() https://git.kernel.org/stable/c/e1b144aebe6fb898d96ced8c990d7aa38fda4a7a - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

03 Nov 2025, 18:16

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: Se corrige la posible desreferencia de puntero nulo en mlb_usio_probe(). devm_ioremap() puede devolver NULL en caso de error. Actualmente, mlb_usio_probe() no verifica este caso, lo que podría provocar una desreferencia de puntero NULL. Agregue una comprobación de NULL después de devm_ioremap() para evitar este problema.
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

03 Jul 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-03 09:15

Updated : 2025-12-17 18:12

NVD link : CVE-2025-38135

Mitre link : CVE-2025-38135

CVE.ORG link : CVE-2025-38135

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10