fkie_nvd - fkie_cve-2025-37801

fkie_cve-2025-37801

Vulnerability from fkie_nvd

Published

2025-05-08 07:15

Modified

2025-06-05 14:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pump_transfer_message+0x238/0x5d4 __spi_sync+0x2b0/0x454 spi_write_then_read+0x11c/0x200

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/055ef73bb1afc3f783a9a13b496770a781964a07	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/185d376875ea6fb4256b9dc97ee0b4d2b0fdd399	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2b4479eb462ecb39001b38dfb331fc6028dedac8	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2fea0d6d7b5d27fbf55512d51851ba0a346ede52	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/951a04ab3a2db4029debfa48d380ef834b93207e	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	6.15
linux	linux_kernel	6.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05A05DE3-3248-434C-8967-0FB26A540FA5",
              "versionEndExcluding": "6.1.136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D79CE030-3114-45E0-B52B-C77781BCB587",
              "versionEndExcluding": "6.6.89",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F52099-F422-4D19-8283-45F9F9BF4392",
              "versionEndExcluding": "6.12.26",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B25CA7E-4CD0-46DB-B4EF-13A3516071FB",
              "versionEndExcluding": "6.14.5",
              "versionStartIncluding": "6.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-imx: Add check for spi_imx_setupxfer()\n\nAdd check for the return value of spi_imx_setupxfer().\nspi_imx-\u003erx and spi_imx-\u003etx function pointer can be NULL when\nspi_imx_setupxfer() return error, and make NULL pointer dereference.\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Call trace:\n  0x0\n  spi_imx_pio_transfer+0x50/0xd8\n  spi_imx_transfer_one+0x18c/0x858\n  spi_transfer_one_message+0x43c/0x790\n  __spi_pump_transfer_message+0x238/0x5d4\n  __spi_sync+0x2b0/0x454\n  spi_write_then_read+0x11c/0x200"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-imx: Agregar verificaci\u00f3n para spi_imx_setupxfer() Agregar verificaci\u00f3n para el valor de retorno de spi_imx_setupxfer(). El puntero de funci\u00f3n spi_imx-\u0026gt;rx y spi_imx-\u0026gt;tx puede ser NULL cuando spi_imx_setupxfer() devuelve un error y hace que el puntero se desreferencia a NULL. No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 Rastreo de llamadas: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pump_transfer_message+0x238/0x5d4 __spi_sync+0x2b0/0x454 spi_write_then_read+0x11c/0x200"
    }
  ],
  "id": "CVE-2025-37801",
  "lastModified": "2025-06-05T14:32:39.940",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-08T07:15:51.257",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/055ef73bb1afc3f783a9a13b496770a781964a07"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/185d376875ea6fb4256b9dc97ee0b4d2b0fdd399"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2b4479eb462ecb39001b38dfb331fc6028dedac8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2fea0d6d7b5d27fbf55512d51851ba0a346ede52"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/951a04ab3a2db4029debfa48d380ef834b93207e"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-37801 (GCVE-0-2025-37801)

Vulnerability from cvelistv5

Published

2025-05-08 06:26

Modified

2025-05-26 05:21

Severity ?

Summary

References

►

URL

Tags

	https://git.kernel.org/stable/c/2fea0d6d7b5d27fbf55512d51851ba0a346ede52
	https://git.kernel.org/stable/c/2b4479eb462ecb39001b38dfb331fc6028dedac8
	https://git.kernel.org/stable/c/185d376875ea6fb4256b9dc97ee0b4d2b0fdd399
	https://git.kernel.org/stable/c/055ef73bb1afc3f783a9a13b496770a781964a07
	https://git.kernel.org/stable/c/951a04ab3a2db4029debfa48d380ef834b93207e

Impacted products

Vendor

Product

Version

►

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2