CVE-2025-38629 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-22 | Updated 2025-09-29 | Assigner Linux

Product status

Default status

unaffected

8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 before d558db85920b124bac36f8a7ddc5de0aa7491bdd

affected

8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 before 2c735fcaee81ad8056960659dc9dc460891e76b0

affected

8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 before df485a4b2b3ee5b35c80f990beb554e38a8a5fb1

affected

Default status

affected

6.13

affected

Any version before 6.13

unaffected

6.15.10

unaffected

6.16.1

unaffected

6.17

unaffected

References

git.kernel.org/...c/d558db85920b124bac36f8a7ddc5de0aa7491bdd

git.kernel.org/...c/2c735fcaee81ad8056960659dc9dc460891e76b0

git.kernel.org/...c/df485a4b2b3ee5b35c80f990beb554e38a8a5fb1

cve.org (CVE-2025-38629)

nvd.nist.gov (CVE-2025-38629)

Download JSON

help @ threatint.eu