Null Pointer Dereference in Linux Kernel Ethernet Driver
CVE-2025-38452

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38452?

A vulnerability exists in the Ethernet driver of the Linux kernel, specifically within the rtsn_probe() function. The issue arises from a lack of checks on the return value of rcar_gen4_ptp_alloc(), which can lead to a null pointer dereference. This vulnerability can potentially cause system instability or crashes if certain conditions are met, allowing an attacker to exploit the weakness. The problem has been addressed in recent kernel updates by implementing appropriate checks to mitigate the risk.

Affected Version(s)

Linux b0d3969d2b4db82602492cad576b8de494a12ddf < 9f260e16b297f8134c5f90bb5a20e805ff57e853

Linux b0d3969d2b4db82602492cad576b8de494a12ddf

Linux b0d3969d2b4db82602492cad576b8de494a12ddf < 95a234f6affbf51f06338383537ab80d637bb785

References

https://git.kernel.org/stable/c/9f260e16b297f8134c5f90bb5...

https://git.kernel.org/stable/c/d52eb4f0e0ca9a5213b8795ab...

https://git.kernel.org/stable/c/95a234f6affbf51f063383835...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025