Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.9, < 5.10.239 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0a2712cd24ecfeb520af60f6f859b442c7ab01ffPatch
- https://git.kernel.org/stable/c/1b69a5299f28ce8e6afa37c3690dbc14c3a1f53fPatch
- https://git.kernel.org/stable/c/3c1adc2f8c732ea09e8c4bce5941fec019c6205dPatch
- https://git.kernel.org/stable/c/52562161df3567cdaedada46834a7a8d8c4ab737Patch
- https://git.kernel.org/stable/c/54ce9bcdaee59d4ef0703f390d55708557818f9ePatch
- https://git.kernel.org/stable/c/73c46d9a93d071ca69858dea3f569111b03e549ePatch
- https://git.kernel.org/stable/c/938f625bd3364cfdc93916739add3b637ff90368Patch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlThird Party Advisory
FAQ
What is CVE-2025-38160?
CVE-2025-38160 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently,...
How severe is CVE-2025-38160?
CVE-2025-38160 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-38160?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.