Null Pointer Dereference in Linux Kernel's DMA Engine from TI
CVE-2025-38138
What is CVE-2025-38138?
A vulnerability exists in the Linux Kernel related to the DMA engine, specifically in the TI implementation. This issue arises due to a lack of validation after memory allocation attempts via devm_kasprintf(). If memory allocation fails, the function can return NULL, which is not checked in the udma_probe() function, leading to potential null pointer dereferences. This oversight can result in system instability or crashes, highlighting the critical need for proper error handling in the kernel's code. A NULL check has been added post-memory allocation to address this vulnerability and enhance the robustness of the kernel.
Affected Version(s)
Linux 25dcb5dd7b7ce5587c1df18f584ff78f51a68a94
Linux 25dcb5dd7b7ce5587c1df18f584ff78f51a68a94 < 9f133e04c62246353b8b1f0a679535c65161ebcf
Linux 25dcb5dd7b7ce5587c1df18f584ff78f51a68a94