PT-2025-35966 · Linux+6 · Linux Kernel+6

Published

2025-06-15

·

Updated

2026-05-26

·

CVE-2025-38693

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A null pointer dereference issue exists in the w7090p tuner write serpar and w7090p tuner read serpar functions within the w7090p driver. The issue occurs when the msg parameter, controlled by the user, has a null buffer (msg[0].buf) and a length of zero (msg[0].len). A missing sanity check allows access to msg[0].buf[2], leading to a potential crash.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

AZL-73923
BDU:2025-15761
CVE-2025-38693
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-1F8A-09C5-BBD5
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2310
OESA-2025-2311
OESA-2025-2313
OESA-2025-2314
OESA-2025-2315
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
W7090P