NULL Pointer Dereference Vulnerability in Linux Kernel Affects STM32 SPI Driver
CVE-2025-38648

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-38648?

A vulnerability in the Linux Kernel's STM32 SPI driver has been addressed where the stm32_spi_probe function did not verify if a critical pointer was NULL before using it. This oversight could lead to a potential system crash due to a NULL pointer dereference when accessing the has_device_mode member of the configuration structure. The fix ensures that an error is logged if the configuration data is unavailable, thus enhancing system stability by preventing runtime crashes.

Affected Version(s)

Linux fee681646fc831b154619ac0261afedcc7e671e7 < 6031a54f4eac921efe6122a561d44df89b37f2d4

Linux fee681646fc831b154619ac0261afedcc7e671e7

Linux fee681646fc831b154619ac0261afedcc7e671e7 < 3a571a8d52272cc26858ab1bc83d0f66e5dee938

References

https://git.kernel.org/stable/c/6031a54f4eac921efe6122a56...

https://git.kernel.org/stable/c/a7645815edf4478f3258bb0db...

https://git.kernel.org/stable/c/3a571a8d52272cc26858ab1bc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 16, 2025