CVE-2025-38274

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A potential null pointer dereference issue was identified in the fpga mgr test img load sgt() function. The function allocates memory for sgt using kunit kzalloc(), but fails to verify if the allocation was successful. Subsequently, sgt is passed to sg alloc table(), which then passes it to sg alloc table(). This function attempts to zero out the memory using memset(). If the allocation fails, sgt will be null, leading to a null pointer dereference when memset() is called.

Recommendations: Check the allocation with KUNIT ASSERT NOT ERR OR NULL().

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-64884

BDU:2025-10314

CVE-2025-38274

MGASA-2025-0218

MGASA-2025-0219

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38274

Weakness Enumeration

Related Identifiers

Affected Products

References · 2574