NULL Pointer Dereference in Aspeed LPC Enable Snoop Function of Linux Kernel
CVE-2025-38145

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38145?

A security issue has been identified in the Linux kernel concerning the aspeed_lpc_enable_snoop() function. When memory allocation fails and devm_kasprintf() returns NULL, the function fails to check for this nullity, potentially leading to a NULL pointer dereference. This flaw underscores the importance of implementing proper null checks in memory management within kernel functions to prevent unexpected crashes and security issues.

Affected Version(s)

Linux 3772e5da445420543b25825ac2b5971f3743f6e8 < 2beee9cf833374550e673d428ad8b6ab37c175b3

Linux 3772e5da445420543b25825ac2b5971f3743f6e8

Linux 3772e5da445420543b25825ac2b5971f3743f6e8 < 1fd889c145722579aa038c31cbc07cfdd4d75166

References

https://git.kernel.org/stable/c/2beee9cf833374550e673d428...

https://git.kernel.org/stable/c/c550999f939b529d28a914d50...

https://git.kernel.org/stable/c/1fd889c145722579aa038c31c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025