CVE-2025-38225 (GCVE-0-2025-38225)
Vulnerability from cvelistv5
Published
2025-07-04 13:37
Modified
2025-07-06 09:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: imx-jpeg: Cleanup after an allocation error
When allocation failures are not cleaned up by the driver, further
allocation errors will be false-positives, which will cause buffers to
remain uninitialized and cause NULL pointer dereferences.
Ensure proper cleanup of failed allocations to prevent these issues.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: 2db16c6ed72ce644d5639b3ed15e5817442db4ba Version: 2db16c6ed72ce644d5639b3ed15e5817442db4ba Version: 2db16c6ed72ce644d5639b3ed15e5817442db4ba Version: 2db16c6ed72ce644d5639b3ed15e5817442db4ba Version: 2db16c6ed72ce644d5639b3ed15e5817442db4ba |
||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b89ff9cf37ff59399f850d5f7781ef78fc37679f",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "ec26be7d6355a05552a0d0c1e73031f83aa4dc7f",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "0ee9469f818a0b4de3c0e7aecd733c103820d181",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "6d0efe7d35c75394f32ff9d0650a007642d23857",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "7500bb9cf164edbb2c8117d57620227b1a4a8369",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.143",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.95",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.35",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.4",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16-rc1",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-06T09:08:56.186Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b89ff9cf37ff59399f850d5f7781ef78fc37679f"
},
{
"url": "https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f"
},
{
"url": "https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181"
},
{
"url": "https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857"
},
{
"url": "https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369"
}
],
"title": "media: imx-jpeg: Cleanup after an allocation error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38225",
"datePublished": "2025-07-04T13:37:40.205Z",
"dateReserved": "2025-04-16T04:51:23.995Z",
"dateUpdated": "2025-07-06T09:08:56.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38225\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-04T14:15:31.237\",\"lastModified\":\"2025-07-08T16:18:53.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: imx-jpeg: Cleanup after an allocation error\\n\\nWhen allocation failures are not cleaned up by the driver, further\\nallocation errors will be false-positives, which will cause buffers to\\nremain uninitialized and cause NULL pointer dereferences.\\nEnsure proper cleanup of failed allocations to prevent these issues.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: imx-jpeg: Limpieza tras un error de asignaci\u00f3n. Si el controlador no corrige los fallos de asignaci\u00f3n, los errores de asignaci\u00f3n posteriores ser\u00e1n falsos positivos, lo que provocar\u00e1 que los b\u00faferes permanezcan sin inicializar y desreferencias de punteros nulos. Aseg\u00farese de que las asignaciones fallidas se limpien correctamente para evitar estos problemas.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b89ff9cf37ff59399f850d5f7781ef78fc37679f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…