Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-38122

In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails. This improves robustness in low-memory scenarios.

Published

2025-07-03T09:15:26.297

Last Modified

2025-12-17T18:11:35.853

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 5.15.186	Yes
Operating System	linux	linux_kernel	< 6.1.142	Yes
Operating System	linux	linux_kernel	< 6.6.94	Yes
Operating System	linux	linux_kernel	< 6.12.34	Yes
Operating System	linux	linux_kernel	< 6.15.3	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/2e5ead9e4e91fbe7799bd38afd8904543be1cb51 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/7f6265fce3bd424ded666481b37f106d7915fb6b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/a0319c9b1648a67511e947a596ca86888451c0a7 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ae98a1787fdcb0096d122bc80d93c3c7d812c04b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c741a7ef68023ac800054e2131c3e22e647fd7e3 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)