SB2025042275 - NULL pointer dereference in Linux kernel remoteproc driver
Published: April 22, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025042275
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/068f6648ff5b0c7adeb6c363fae7fb188aa178fa
- https://git.kernel.org/stable/c/2df19f5f6f72da6f6ebab7cdb3a3b9f7686bb476
- https://git.kernel.org/stable/c/6e66bca8cd51ebedd5d32426906a38e4a3c69c5f
- https://git.kernel.org/stable/c/7c6bb82a6f3da6ab2d3fbea03901482231708b98
- https://git.kernel.org/stable/c/8e0fd2a3b9852ac3cf540edb06ccc0153b38b5af
- https://git.kernel.org/stable/c/e6015ca453b82ec54aec9682dcc38773948fcc48
- https://git.kernel.org/stable/c/efdde3d73ab25cef4ff2d06783b0aad8b093c0e4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.180
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.87