Null Pointer Dereference Vulnerability in Linux Kernel Affects DVB Frontends
CVE-2025-38694

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38694?

A vulnerability in the Linux kernel's DVB frontends has been identified, specifically in the dib7090p_rw_on_apb function. Here, user-controlled messages can lead to a null pointer dereference when the buffer is null and length is zero. If checks on the buffer are bypassed, the system can crash when accessing unverified memory locations, representing a significant security risk. Similar issues have been addressed in related functionality, highlighting the importance of robust input validation and error handling.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 529fd5593b721e6f4370c591f5086649ed149ff6

References

https://git.kernel.org/stable/c/bc07cae4f36bb18d5b6a9ed83...

https://git.kernel.org/stable/c/ce8b7c711b9c4f040b5419729...

https://git.kernel.org/stable/c/529fd5593b721e6f4370c591f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025