Null Pointer Dereference in Raspberry Pi Clock Driver by Linux Kernel
CVE-2025-38160

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38160?

The Linux kernel's raspberrypi_clk_register function is susceptible to a null pointer dereference due to the absence of a check for NULL in the devm_kasprintf() output. When memory allocation fails, the failure to handle the NULL return results in a dereference error, potentially leading to application crashes or undefined behavior. This issue has been addressed by implementing a NULL check after the memory allocation to enhance system stability and security.

Affected Version(s)

Linux 93d2725affd65686792f4b57e49ef660f3c8c0f9 < 938f625bd3364cfdc93916739add3b637ff90368

Linux 93d2725affd65686792f4b57e49ef660f3c8c0f9 < 54ce9bcdaee59d4ef0703f390d55708557818f9e

Linux 93d2725affd65686792f4b57e49ef660f3c8c0f9 < 52562161df3567cdaedada46834a7a8d8c4ab737

References

https://git.kernel.org/stable/c/938f625bd3364cfdc93916739...

https://git.kernel.org/stable/c/54ce9bcdaee59d4ef0703f390...

https://git.kernel.org/stable/c/52562161df3567cdaedada468...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025