CVE-2025-38265

In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsm_uart_port_init No device was set which caused serial_base_ctrl_add to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serial_base_ctrl_add+0x96/0x120 Call Trace: <TASK> serial_core_register_port+0x1a0/0x580 ? __setup_irq+0x39c/0x660 ? __kmalloc_cache_noprof+0x111/0x310 jsm_uart_port_init+0xe8/0x180 [jsm] jsm_probe_one+0x1f4/0x410 [jsm] local_pci_probe+0x42/0x90 pci_device_probe+0x22f/0x270 really_probe+0xdb/0x340 ? pm_runtime_barrier+0x54/0x90 ? __pfx___driver_attach+0x10/0x10 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8c/0xe0 bus_add_driver+0x112/0x1f0 driver_register+0x72/0xd0 jsm_init_module+0x36/0xff0 [jsm] ? __pfx_jsm_init_module+0x10/0x10 [jsm] do_one_initcall+0x58/0x310 do_init_module+0x60/0x230 Tested with Digi Neo PCIe 8 port card.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3258d7ff8ebfa451426662b23e8f2b51b129afe1	Patch
https://git.kernel.org/stable/c/985961dd2688a527a4847300d41beaad475ab7af	Patch
https://git.kernel.org/stable/c/a14c0d2eb3f0b1836fdec22908b87ecffd2ac844	Patch
https://git.kernel.org/stable/c/abaecb2a4ad021c2f2426e9b2a9c020aef57aca9	Patch
https://git.kernel.org/stable/c/e3975aa899c0a3bbc10d035e699b142cd1373a71	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

18 Nov 2025, 18:27

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/3258d7ff8ebfa451426662b23e8f2b51b129afe1 -~~	() https://git.kernel.org/stable/c/3258d7ff8ebfa451426662b23e8f2b51b129afe1 - Patch
References	~~() https://git.kernel.org/stable/c/985961dd2688a527a4847300d41beaad475ab7af -~~	() https://git.kernel.org/stable/c/985961dd2688a527a4847300d41beaad475ab7af - Patch
References	~~() https://git.kernel.org/stable/c/a14c0d2eb3f0b1836fdec22908b87ecffd2ac844 -~~	() https://git.kernel.org/stable/c/a14c0d2eb3f0b1836fdec22908b87ecffd2ac844 - Patch
References	~~() https://git.kernel.org/stable/c/abaecb2a4ad021c2f2426e9b2a9c020aef57aca9 -~~	() https://git.kernel.org/stable/c/abaecb2a4ad021c2f2426e9b2a9c020aef57aca9 - Patch
References	~~() https://git.kernel.org/stable/c/e3975aa899c0a3bbc10d035e699b142cd1373a71 -~~	() https://git.kernel.org/stable/c/e3975aa899c0a3bbc10d035e699b142cd1373a71 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

10 Jul 2025, 13:17

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: jsm: fix NPE durante jsm_uart_port_init No se configuró ningún dispositivo que causó que serial_base_ctrl_add se bloqueara. ERROR: desreferencia de puntero NULL del kernel, dirección: 000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) No contaminado 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serial_base_ctrl_add+0x96/0x120 Rastreo de llamadas: serial_core_register_port+0x1a0/0x580 ? __setup_irq+0x39c/0x660 ? __kmalloc_cache_noprof+0x111/0x310 jsm_uart_port_init+0xe8/0x180 [jsm] jsm_probe_one+0x1f4/0x410 [jsm] local_pci_probe+0x42/0x90 pci_device_probe+0x22f/0x270 really_probe+0xdb/0x340 ? pm_runtime_barrier+0x54/0x90 ? __pfx___driver_attach+0x10/0x10 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8c/0xe0 bus_add_driver+0x112/0x1f0 driver_register+0x72/0xd0 jsm_init_module+0x36/0xff0 [jsm] ? __pfx_jsm_init_module+0x10/0x10 [jsm] do_one_initcall+0x58/0x310 do_init_module+0x60/0x230 Probado con la tarjeta Digi Neo PCIe de 8 puertos.

10 Jul 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 08:15

Updated : 2025-11-18 18:27

NVD link : CVE-2025-38265

Mitre link : CVE-2025-38265

CVE.ORG link : CVE-2025-38265

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10