CVE-2025-38265
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38265
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38265.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38265
- Downstream
- Related
- Published
- 2025-07-10T08:15:24Z
- Modified
- 2025-07-10T13:17:30Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
serial: jsm: fix NPE during jsmuartport_init
No device was set which caused serialbasectrl_add to crash.
BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serialbasectrladd+0x96/0x120 Call Trace: <TASK> serialcoreregisterport+0x1a0/0x580 ? setupirq+0x39c/0x660 ? _kmalloccachenoprof+0x111/0x310 jsmuartportinit+0xe8/0x180 [jsm] jsmprobeone+0x1f4/0x410 [jsm] localpciprobe+0x42/0x90 pcideviceprobe+0x22f/0x270 reallyprobe+0xdb/0x340 ? pmruntimebarrier+0x54/0x90 ? _pfxdriverattach+0x10/0x10 _driverprobedevice+0x78/0x110 driverprobedevice+0x1f/0xa0 _driverattach+0xba/0x1c0 busforeachdev+0x8c/0xe0 busadddriver+0x112/0x1f0 driverregister+0x72/0xd0 jsminitmodule+0x36/0xff0 [jsm] ? _pfxjsminitmodule+0x10/0x10 [jsm] dooneinitcall+0x58/0x310 doinitmodule+0x60/0x230
Tested with Digi Neo PCIe 8 port card.
- References
-
- https://git.kernel.org/stable/c/3258d7ff8ebfa451426662b23e8f2b51b129afe1
- https://git.kernel.org/stable/c/985961dd2688a527a4847300d41beaad475ab7af
- https://git.kernel.org/stable/c/a14c0d2eb3f0b1836fdec22908b87ecffd2ac844
- https://git.kernel.org/stable/c/abaecb2a4ad021c2f2426e9b2a9c020aef57aca9
- https://git.kernel.org/stable/c/e3975aa899c0a3bbc10d035e699b142cd1373a71
- https://security-tracker.debian.org/tracker/CVE-2025-38265
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source