FKIE_CVE-2025-38225

Vulnerability from fkie_nvd - Published: 2025-07-04 14:15 - Updated: 2025-11-03 18:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which will cause buffers to remain uninitialized and cause NULL pointer dereferences. Ensure proper cleanup of failed allocations to prevent these issues.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b89ff9cf37ff59399f850d5f7781ef78fc37679f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: imx-jpeg: Limpieza tras un error de asignaci\u00f3n. Si el controlador no corrige los fallos de asignaci\u00f3n, los errores de asignaci\u00f3n posteriores ser\u00e1n falsos positivos, lo que provocar\u00e1 que los b\u00faferes permanezcan sin inicializar y desreferencias de punteros nulos. Aseg\u00farese de que las asignaciones fallidas se limpien correctamente para evitar estos problemas."
    }
  ],
  "id": "CVE-2025-38225",
  "lastModified": "2025-11-03T18:16:09.847",
  "metrics": {},
  "published": "2025-07-04T14:15:31.237",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b89ff9cf37ff59399f850d5f7781ef78fc37679f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.