CVE-2025-38635
Published: August 23, 2025Last modified: August 23, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.151-r0) |
| 25 LTS | linux-lts | Fixed (6.12.44-r0) | |
| Stream | linux-lts | Fixed (6.12.43-r0) |
References
- https://git.kernel.org/stable/c/105e8115944a9f93e9412abe7bb07ed96725adf9
- https://git.kernel.org/stable/c/13de464f445d42738fe18c9a28bab056ba3a290a
- https://git.kernel.org/stable/c/1d92608a29251278015f57f3572bc950db7519f0
- https://git.kernel.org/stable/c/23f564326deaafacfd7adf6104755b15216d8320
- https://git.kernel.org/stable/c/2adc945b70c4d97e9491a6c0c9f3b217a9eecfba
- https://git.kernel.org/stable/c/6fb19cdcf040e1dec052a9032acb66cc2ad1d43f
- https://git.kernel.org/stable/c/77e9ad7a2d0e2a771c9e0be04b9d1639413b5f13
- https://git.kernel.org/stable/c/7843412e5927dafbb844782c56b6380564064109
- https://git.kernel.org/stable/c/7943ed1f05f5cb7372dca2aa227f848747a98791
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html