NULL Pointer Dereference Vulnerability in Linux Kernel CS40L50 VIBRA Module
CVE-2025-38381

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38381?

A vulnerability in the Linux kernel within the cs40l50-vibra module allows for a potential NULL pointer dereference due to the cs40l50_upload_owt() function's failure to check for memory allocation errors. If kmalloc() fails to allocate memory, a subsequent dereference of the NULL pointer can lead to system instability or crash. The fix introduces error handling to return -ENOMEM when memory allocation is unsuccessful, enhancing system robustness.

Affected Version(s)

Linux c38fe1bb5d21c2ce0857965ee06174ee587d6b42

Linux c38fe1bb5d21c2ce0857965ee06174ee587d6b42 < 4cf65845fdd09d711fc7546d60c9abe010956922

References

https://git.kernel.org/stable/c/ea20568895c1122f15b6fc9e8...

https://git.kernel.org/stable/c/e87fc697fa4be5164e47cfba4...

https://git.kernel.org/stable/c/4cf65845fdd09d711fc7546d6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025