CVE-2025-38160

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0a2712cd24ecfeb520af60f6f859b442c7ab01ff	Patch
https://git.kernel.org/stable/c/1b69a5299f28ce8e6afa37c3690dbc14c3a1f53f	Patch
https://git.kernel.org/stable/c/3c1adc2f8c732ea09e8c4bce5941fec019c6205d	Patch
https://git.kernel.org/stable/c/52562161df3567cdaedada46834a7a8d8c4ab737	Patch
https://git.kernel.org/stable/c/54ce9bcdaee59d4ef0703f390d55708557818f9e	Patch
https://git.kernel.org/stable/c/73c46d9a93d071ca69858dea3f569111b03e549e	Patch
https://git.kernel.org/stable/c/938f625bd3364cfdc93916739add3b637ff90368	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

18 Dec 2025, 20:51

Type	Values Removed	Values Added
CWE		CWE-476
First Time		Linux Debian Debian debian Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/0a2712cd24ecfeb520af60f6f859b442c7ab01ff -~~	() https://git.kernel.org/stable/c/0a2712cd24ecfeb520af60f6f859b442c7ab01ff - Patch
References	~~() https://git.kernel.org/stable/c/1b69a5299f28ce8e6afa37c3690dbc14c3a1f53f -~~	() https://git.kernel.org/stable/c/1b69a5299f28ce8e6afa37c3690dbc14c3a1f53f - Patch
References	~~() https://git.kernel.org/stable/c/3c1adc2f8c732ea09e8c4bce5941fec019c6205d -~~	() https://git.kernel.org/stable/c/3c1adc2f8c732ea09e8c4bce5941fec019c6205d - Patch
References	~~() https://git.kernel.org/stable/c/52562161df3567cdaedada46834a7a8d8c4ab737 -~~	() https://git.kernel.org/stable/c/52562161df3567cdaedada46834a7a8d8c4ab737 - Patch
References	~~() https://git.kernel.org/stable/c/54ce9bcdaee59d4ef0703f390d55708557818f9e -~~	() https://git.kernel.org/stable/c/54ce9bcdaee59d4ef0703f390d55708557818f9e - Patch
References	~~() https://git.kernel.org/stable/c/73c46d9a93d071ca69858dea3f569111b03e549e -~~	() https://git.kernel.org/stable/c/73c46d9a93d071ca69858dea3f569111b03e549e - Patch
References	~~() https://git.kernel.org/stable/c/938f625bd3364cfdc93916739add3b637ff90368 -~~	() https://git.kernel.org/stable/c/938f625bd3364cfdc93916739add3b637ff90368 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory

03 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

03 Jul 2025, 15:13

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: bcm: rpi: Añadir comprobación de valores NULL en raspberrypi_clk_register(). Devm_kasprintf() devuelve NULL cuando falla la asignación de memoria. Actualmente, raspberrypi_clk_register() no realiza la comprobación en este caso, lo que provoca una desreferencia de puntero NULL. Añadir una comprobación de valores NULL después de devm_kasprintf() para evitar este problema.

03 Jul 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-03 09:15

Updated : 2025-12-18 20:51

NVD link : CVE-2025-38160

Mitre link : CVE-2025-38160

CVE.ORG link : CVE-2025-38160

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10