CVE-2025-37881

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/052fb65335befeae8500e88d69ea022266baaf6d	Patch
https://git.kernel.org/stable/c/36d68151712e525450f0fbb3045e7110f0d9b610	Patch
https://git.kernel.org/stable/c/61006ca381b4d65d2b8ca695ea8da1ce18d6dee3	Patch
https://git.kernel.org/stable/c/8c75f3e6a433d92084ad4e78b029ae680865420f	Patch
https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e	Patch
https://git.kernel.org/stable/c/c8d4faf452a627f9b09c3a5c366133a19e5b7a28	Patch
https://git.kernel.org/stable/c/cfa7984f69359761b07a7831c1258c0fde1e0389	Patch
https://git.kernel.org/stable/c/d26a6093d52904cacdbb75424c323c19b443a890	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

12 Nov 2025, 19:27

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/052fb65335befeae8500e88d69ea022266baaf6d -~~	() https://git.kernel.org/stable/c/052fb65335befeae8500e88d69ea022266baaf6d - Patch
References	~~() https://git.kernel.org/stable/c/36d68151712e525450f0fbb3045e7110f0d9b610 -~~	() https://git.kernel.org/stable/c/36d68151712e525450f0fbb3045e7110f0d9b610 - Patch
References	~~() https://git.kernel.org/stable/c/61006ca381b4d65d2b8ca695ea8da1ce18d6dee3 -~~	() https://git.kernel.org/stable/c/61006ca381b4d65d2b8ca695ea8da1ce18d6dee3 - Patch
References	~~() https://git.kernel.org/stable/c/8c75f3e6a433d92084ad4e78b029ae680865420f -~~	() https://git.kernel.org/stable/c/8c75f3e6a433d92084ad4e78b029ae680865420f - Patch
References	~~() https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e -~~	() https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e - Patch
References	~~() https://git.kernel.org/stable/c/c8d4faf452a627f9b09c3a5c366133a19e5b7a28 -~~	() https://git.kernel.org/stable/c/c8d4faf452a627f9b09c3a5c366133a19e5b7a28 - Patch
References	~~() https://git.kernel.org/stable/c/cfa7984f69359761b07a7831c1258c0fde1e0389 -~~	() https://git.kernel.org/stable/c/cfa7984f69359761b07a7831c1258c0fde1e0389 - Patch
References	~~() https://git.kernel.org/stable/c/d26a6093d52904cacdbb75424c323c19b443a890 -~~	() https://git.kernel.org/stable/c/d26a6093d52904cacdbb75424c323c19b443a890 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html - Third Party Advisory
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:debian:debian_linux:11.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
First Time		Debian debian Linux Linux Debian Linux linux Kernel

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: aspeed: Se ha añadido una comprobación de puntero nulo en ast_vhub_init_dev(). La variable d->name, devuelta por devm_kasprintf(), podría ser nula. Se ha añadido una comprobación de puntero para evitar posibles desreferencias de punteros nulos. Esto es similar a la corrección en la confirmación 3027e7b15b02 ("ice: Se corrigen algunos problemas de desreferencia de puntero nulo en ice_ptp.c"). Nuestra herramienta de análisis estático ha detectado este problema.

09 May 2025, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 07:16

Updated : 2025-11-12 19:27

NVD link : CVE-2025-37881

Mitre link : CVE-2025-37881

CVE.ORG link : CVE-2025-37881

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10