Null Pointer Dereference in Linux Kernel Media Driver Affecting Tuner Functionality
CVE-2025-38693

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38693?

A vulnerability in the Linux kernel exposes a null pointer dereference issue within the media driver for DVB frontends, specifically concerning the w7090p tuner. When user-controlled input leads to a scenario where the buffer in the message structure is null and the length is zero, this can permit the execution of unsafe memory access. As a result, invoking the function to read or write to the tuner can lead to a system crash due to the dereferencing of a null pointer. The vulnerability has been addressed by implementing additional sanity checks to ensure that input validation is strictly enforced.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7a41ecfc3415ebe3b4c44f96b3337691dcf431a3

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 17b30e5ded062bd74f8ca6f317e1d415a8680665

References

https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b...

https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec...

https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f31...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025