CVE-2025-38629

medium

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check.

References

https://git.kernel.org/stable/c/df485a4b2b3ee5b35c80f990beb554e38a8a5fb1

https://git.kernel.org/stable/c/d558db85920b124bac36f8a7ddc5de0aa7491bdd

https://git.kernel.org/stable/c/2c735fcaee81ad8056960659dc9dc460891e76b0

Details

Source: Mitre, NVD

Published: 2025-08-22

Updated: 2025-08-22

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00017