CVE-2025-38265

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38265
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38265.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38265
Downstream
Related
Published
2025-07-10T08:15:24Z
Modified
2025-07-10T13:17:30Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: jsm: fix NPE during jsmuartport_init

No device was set which caused serialbasectrl_add to crash.

BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serialbasectrladd+0x96/0x120 Call Trace: <TASK> serialcoreregisterport+0x1a0/0x580 ? setupirq+0x39c/0x660 ? _kmalloccachenoprof+0x111/0x310 jsmuartportinit+0xe8/0x180 [jsm] jsmprobeone+0x1f4/0x410 [jsm] localpciprobe+0x42/0x90 pcideviceprobe+0x22f/0x270 reallyprobe+0xdb/0x340 ? pmruntimebarrier+0x54/0x90 ? _pfxdriverattach+0x10/0x10 _driverprobedevice+0x78/0x110 driverprobedevice+0x1f/0xa0 _driverattach+0xba/0x1c0 busforeachdev+0x8c/0xe0 busadddriver+0x112/0x1f0 driverregister+0x72/0xd0 jsminitmodule+0x36/0xff0 [jsm] ? _pfxjsminitmodule+0x10/0x10 [jsm] dooneinitcall+0x58/0x310 doinitmodule+0x60/0x230

Tested with Digi Neo PCIe 8 port card.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}