PT-2025-27708 · Linux+6 · Linux Kernel+6

Published

2025-06-02

·

Updated

2026-04-20

·

CVE-2025-38122

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A potential NULL pointer dereference issue has been identified in the Linux kernel, specifically in the gve alloc pending packet() function within the TX DQO. This function can return NULL, but the returned pointer was not checked for NULL before being dereferenced in gve tx add skb dqo(). To address this, a missing NULL check has been added to prevent potential crashes when memory allocation fails, improving the kernel's robustness in low-memory scenarios.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

AZL-64598
BDU:2025-09004
CVE-2025-38122
DLA-4328-1
DSA-5973-1
ECHO-11E2-3F2A-5E40
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03204-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
SUSE-SU-2025_03204-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu