NULL Pointer Dereference Vulnerability in Raspberry Pi 4 Linux Kernel
CVE-2025-38189

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38189?

A vulnerability exists in the Linux kernel affecting Raspberry Pi 4 where a NULL pointer dereference occurs in the v3d_job_update_stats function. This issue arises when a file descriptor is closed before the GPU jobs it submitted have finished, leading to potential kernel panics or system instability due to attempts to access freed memory structures. It is crucial for users to ensure that file descriptors remain valid during job execution to prevent these critical failures.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4f4701489d0f768a232b10d281491184f34bacf0

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/c886784000934d5486621106d...

https://git.kernel.org/stable/c/4f4701489d0f768a232b10d28...

https://git.kernel.org/stable/c/e1bc3a13bd775791cca0bb144...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025