PT-2025-33574 · Linux+4 · Linux Kernel+4

Published

2025-06-29

·

Updated

2026-04-27

·

CVE-2025-38531

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw where the indio dev->dev structure is used before initialization in various probe functions. This can lead to a kernel panic when functions like devm regulator bulk get enable() fail and subsequently call dev err probe() with the uninitialized device. The issue affects functions such as dev err probe(), dev err(), dev warn(), and dev info().
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Access of Uninitialized Pointer

Weakness Enumeration

CWE-908CWE-824

Related Identifiers

AZL-66362
AZL-70454
BDU:2026-01382
CVE-2025-38531
ECHO-0955-F512-A3CE
OESA-2026-1337
OESA-2026-1338
OESA-2026-1339
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03272-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03301-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20653-1
SUSE-SU-2025:20669-1
SUSE-SU-2025:20739-1
SUSE-SU-2025:20756-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_03272-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03301-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu