CVE-2025-38265

Summary

In the Linux kernel, the following vulnerability has been resolved:

serial: jsm: fix NPE during jsm_uart_port_init

No device was set which caused serial_base_ctrl_add to crash.

BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serial_base_ctrl_add+0x96/0x120 Call Trace: <TASK> serial_core_register_port+0x1a0/0x580 ? __setup_irq+0x39c/0x660 ? __kmalloc_cache_noprof+0x111/0x310 jsm_uart_port_init+0xe8/0x180 [jsm] jsm_probe_one+0x1f4/0x410 [jsm] local_pci_probe+0x42/0x90 pci_device_probe+0x22f/0x270 really_probe+0xdb/0x340 ? pm_runtime_barrier+0x54/0x90 ? __pfx___driver_attach+0x10/0x10 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8c/0xe0 bus_add_driver+0x112/0x1f0 driver_register+0x72/0xd0 jsm_init_module+0x36/0xff0 [jsm] ? __pfx_jsm_init_module+0x10/0x10 [jsm] do_one_initcall+0x58/0x310 do_init_module+0x60/0x230

Tested with Digi Neo PCIe 8 port card.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux84a9582fd203063cd4d301204971ff2cd8327f1a < 3258d7ff8ebfa451426662b23e8f2b51b129afe1affected
LinuxLinux84a9582fd203063cd4d301204971ff2cd8327f1a < 985961dd2688a527a4847300d41beaad475ab7afaffected
LinuxLinux84a9582fd203063cd4d301204971ff2cd8327f1a < a14c0d2eb3f0b1836fdec22908b87ecffd2ac844affected
LinuxLinux84a9582fd203063cd4d301204971ff2cd8327f1a < abaecb2a4ad021c2f2426e9b2a9c020aef57aca9affected
LinuxLinux84a9582fd203063cd4d301204971ff2cd8327f1a < e3975aa899c0a3bbc10d035e699b142cd1373a71affected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.6.94 <= 6.6.*unaffected
LinuxLinux6.12.33 <= 6.12.*unaffected
LinuxLinux6.14.11 <= 6.14.*unaffected
LinuxLinux6.15.2 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References