CVE-2025-38664

In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7	Patch
https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b	Patch
https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535	Patch
https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782	Patch
https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede	Patch
https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36	Patch
https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca	Patch
https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc7::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

07 Jan 2026, 17:32

Type	Values Removed	Values Added
First Time		Linux Debian Debian debian Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7 -~~	() https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7 - Patch
References	~~() https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b -~~	() https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b - Patch
References	~~() https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535 -~~	() https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535 - Patch
References	~~() https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782 -~~	() https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782 - Patch
References	~~() https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede -~~	() https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede - Patch
References	~~() https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36 -~~	() https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36 - Patch
References	~~() https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca -~~	() https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca - Patch
References	~~() https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15 -~~	() https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.16:rc6:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:6.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc7::::::

03 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

28 Aug 2025, 15:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Se corrige una desreferencia de puntero nulo en ice_copy_and_init_pkg(). Se agrega una verificación para el valor de retorno de devm_kmemdup() para evitar una posible desreferencia de puntero nulo.
References		() https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782 - () https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede - () https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15 -

22 Aug 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-22 16:15

Updated : 2026-01-07 17:32

NVD link : CVE-2025-38664

Mitre link : CVE-2025-38664

CVE.ORG link : CVE-2025-38664

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10