CVE-2025-37971

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue was found in the Linux kernel, specifically in the bcm2835-camera module. This occurred because the dev->v4l2 dev was not initialized before being passed to vchiq mmal init. The issue arose from a commit that changed mmal init to pass dev->v4l2 dev.dev to vchiq mmal init without initializing dev->v4l2 dev. The device pointer could be set using v4l2 device register, but this would require additional changes due to other effects.

Recommendations To resolve this issue, initialize dev->v4l2 dev.dev during bcm2835 mmal probe. As a temporary workaround, consider restricting access to the bcm2835-camera module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.