Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.0, < 5.10.239 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1be2000b703b02e149f8f2061054489f6c18c972Patch
- https://git.kernel.org/stable/c/21528806560510458378ea52c37e35b0773afaeaPatch
- https://git.kernel.org/stable/c/4a715be3fe80b68fa55cb3569af3d294be101626Patch
- https://git.kernel.org/stable/c/6a56446595730a5e3f06a30902e23cb037d28146Patch
- https://git.kernel.org/stable/c/9d06ac32c202142da40904180f2669ed4f5073acPatch
- https://git.kernel.org/stable/c/e12d3e1624a02706cdd3628bbf5668827214fa33Patch
- https://git.kernel.org/stable/c/fde314445332015273c8f51d2659885c606fe135Patch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlThird Party Advisory
FAQ
What is CVE-2025-38143?
CVE-2025-38143 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_...
How severe is CVE-2025-38143?
CVE-2025-38143 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38143?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.