CVE-2025-38274

In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference. Fix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/6ebf1982038af12f3588417e4fd0417d2551da28	Patch
https://git.kernel.org/stable/c/8b2230ac7ff0aeb2441132df638a82ab124f8624	Patch
https://git.kernel.org/stable/c/e69e2cfd8b38d9463a250e153ef4963a604d61e9	Patch
https://git.kernel.org/stable/c/eb4c74eaa6e2d15f3bbd32941c9d2a25b29a718d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-07-10 08:15

Updated : 2025-11-20 16:56

NVD link : CVE-2025-38274

Mitre link : CVE-2025-38274

CVE.ORG link : CVE-2025-38274

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-38274", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-10T08:15:25.650", "references": [{"url": "https://git.kernel.org/stable/c/6ebf1982038af12f3588417e4fd0417d2551da28", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8b2230ac7ff0aeb2441132df638a82ab124f8624", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e69e2cfd8b38d9463a250e153ef4963a604d61e9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eb4c74eaa6e2d15f3bbd32941c9d2a25b29a718d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()\n\nfpga_mgr_test_img_load_sgt() allocates memory for sgt using\nkunit_kzalloc() however it does not check if the allocation failed.\nIt then passes sgt to sg_alloc_table(), which passes it to\n__sg_alloc_table(). This function calls memset() on sgt in an attempt to\nzero it out. If the allocation fails then sgt will be NULL and the\nmemset will trigger a NULL pointer dereference.\n\nFix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fpga: se corrige una posible desreferencia de puntero nulo en fpga_mgr_test_img_load_sgt(). fpga_mgr_test_img_load_sgt() asigna memoria para sgt mediante kunit_kzalloc(), pero no comprueba si la asignaci\u00f3n ha fallado. A continuaci\u00f3n, pasa sgt a sg_alloc_table(), que a su vez la pasa a __sg_alloc_table(). Esta funci\u00f3n llama a memset() en sgt para intentar ponerlo a cero. Si la asignaci\u00f3n falla, sgt ser\u00e1 nulo y memset activar\u00e1 una desreferencia de puntero nulo. Solucione esto comprobando la asignaci\u00f3n con KUNIT_ASSERT_NOT_ERR_OR_NULL()."}], "lastModified": "2025-11-20T16:56:27.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C913EFAA-0F49-4213-AE33-7741AD492BD3", "versionEndExcluding": "6.6.94", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}