CVE-2025-38134

{"id": "CVE-2025-38134", "cveTags": [], "metrics": {}, "published": "2025-07-03T09:15:27.837", "references": [{"url": "https://git.kernel.org/stable/c/73fb0ec9436ae87bcae067ce35d6cdd72bade86c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8fa544bff8466062e42949c93f3e528f4be5624b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e3d530173b70514d4390a94f9f979acad689b70a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()\n\nAs demonstrated by the fix for update_port_device_state,\ncommit 12783c0b9e2c (\"usb: core: Prevent null pointer dereference in update_port_device_state\"),\nusb_hub_to_struct_hub() can return NULL in certain scenarios,\nsuch as during hub driver unbind or teardown race conditions,\neven if the underlying usb_device structure exists.\n\nPlus, all other places that call usb_hub_to_struct_hub() in the same file\ndo check for NULL return values.\n\nIf usb_hub_to_struct_hub() returns NULL, the subsequent access to\nhub->ports[udev->portnum - 1] will cause a null pointer dereference."}], "lastModified": "2025-07-03T15:13:53.147", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}