github - ghsa-9qxw-372m-v533

ghsa-9qxw-372m-v533

Vulnerability from github

Published

2025-09-05 18:31

Modified

2025-09-05 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix NULL pointer dereference

A warning reported by smatch indicated a possible null pointer dereference where one of the arguments to API "iris_hfi_gen2_handle_system_error" could sometimes be null.

To fix this, add a check to validate that the argument passed is not null before accessing its members.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39708"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-05T18:15:48Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: Fix NULL pointer dereference\n\nA warning reported by smatch indicated a possible null pointer\ndereference where one of the arguments to API\n\"iris_hfi_gen2_handle_system_error\" could sometimes be null.\n\nTo fix this, add a check to validate that the argument passed is not\nnull before accessing its members.",
  "id": "GHSA-9qxw-372m-v533",
  "modified": "2025-09-05T18:31:27Z",
  "published": "2025-09-05T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39708"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f837559ccdd275c5a059e6ac4d5034b03409f1d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/992ddee3c0da5f113ba86892ace467c1ac645538"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-39708 (GCVE-0-2025-39708)

Vulnerability from cvelistv5

Published

2025-09-05 17:21

Modified

2025-09-29 05:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix NULL pointer dereference A warning reported by smatch indicated a possible null pointer dereference where one of the arguments to API "iris_hfi_gen2_handle_system_error" could sometimes be null. To fix this, add a check to validate that the argument passed is not null before accessing its members.

References

URL

Tags

	https://git.kernel.org/stable/c/992ddee3c0da5f113ba86892ace467c1ac645538
	https://git.kernel.org/stable/c/0f837559ccdd275c5a059e6ac4d5034b03409f1d

Impacted products

Vendor

Product

Version

Version: fb583a214337a5600c121c9e1eecbb57fa9db688
Version: fb583a214337a5600c121c9e1eecbb57fa9db688

Version: 6.15

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "992ddee3c0da5f113ba86892ace467c1ac645538",
              "status": "affected",
              "version": "fb583a214337a5600c121c9e1eecbb57fa9db688",
              "versionType": "git"
            },
            {
              "lessThan": "0f837559ccdd275c5a059e6ac4d5034b03409f1d",
              "status": "affected",
              "version": "fb583a214337a5600c121c9e1eecbb57fa9db688",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: Fix NULL pointer dereference\n\nA warning reported by smatch indicated a possible null pointer\ndereference where one of the arguments to API\n\"iris_hfi_gen2_handle_system_error\" could sometimes be null.\n\nTo fix this, add a check to validate that the argument passed is not\nnull before accessing its members."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:57:51.657Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/992ddee3c0da5f113ba86892ace467c1ac645538"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f837559ccdd275c5a059e6ac4d5034b03409f1d"
        }
      ],
      "title": "media: iris: Fix NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39708",
    "datePublished": "2025-09-05T17:21:15.082Z",
    "dateReserved": "2025-04-16T07:20:57.116Z",
    "dateUpdated": "2025-09-29T05:57:51.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.