NULL Pointer Dereference Vulnerability in Linux Kernel Affecting Davinci LPSC Clock Register
CVE-2025-38635

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38635?

A vulnerability in the Linux kernel relates to a NULL pointer dereference that occurs within the Davinci LPSC clock register functionality. The issue arises when the devm_kasprintf function fails to allocate memory, leading to potential system instability if a subsequent NULL reference occurs. By implementing a NULL check post-memory allocation, this vulnerability is mitigated, ensuring that resources are properly managed and preventing crashes or unexpected behavior in affected systems.

Affected Version(s)

Linux c6ed4d734bc7f731709dab0ffd69eed499dd5277 < 105e8115944a9f93e9412abe7bb07ed96725adf9

Linux c6ed4d734bc7f731709dab0ffd69eed499dd5277 < 1d92608a29251278015f57f3572bc950db7519f0

Linux c6ed4d734bc7f731709dab0ffd69eed499dd5277 < 7943ed1f05f5cb7372dca2aa227f848747a98791

References

https://git.kernel.org/stable/c/105e8115944a9f93e9412abe7...

https://git.kernel.org/stable/c/1d92608a29251278015f57f35...

https://git.kernel.org/stable/c/7943ed1f05f5cb7372dca2aa2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025