CVE-2025-38007

medium

Description

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

References

https://git.kernel.org/stable/c/bd07f751208ba190f9b0db5e5b7f35d5bb4a8a1e

https://git.kernel.org/stable/c/b616453d719ee1b8bf2ea6f6cc6c6258a572a590

https://git.kernel.org/stable/c/ad6caaf29bc26a48b1241ce82561fcbcf0a75aa9

https://git.kernel.org/stable/c/94e7272b636a0677082e0604609e4c471e0a2caf

https://git.kernel.org/stable/c/01b76cc8ca243fc3376b035aa326bbc4f03d384b

Details

Source: Mitre, NVD

Published: 2025-06-18

Updated: 2025-06-18

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018