Description

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference. Fix the issue by checking if devm_ioremap() returns NULL. When it does, qmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM), ensuring safe and consistent error handling.

INFO

Published Date :

2025-07-10T07:41:55.658Z

Last Modified :

2025-11-03T17:36:09.044Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38275 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38275.

URL Resource
https://git.kernel.org/stable/c/0b979a409e40457ca1b5cb48755d1f34eee58805 cve-icon cve-icon
https://git.kernel.org/stable/c/0c33117f00c8c5363c22676931b22ae5041f7603 cve-icon cve-icon
https://git.kernel.org/stable/c/127dfb4f1c5a2b622039c5d203f321380ea36665 cve-icon cve-icon
https://git.kernel.org/stable/c/5072c1749197fc28b27d7efc0d80320d7cac9572 cve-icon cve-icon
https://git.kernel.org/stable/c/d14402a38c2d868cacb1facaf9be908ca6558e59 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025071008-CVE-2025-38275-4db0@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38275 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38275 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact