CVE-2025-37801

Published May 8, 2025

Last updated 21 days ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: 0x0 spi_imx_pio_transfer+0x50/0xd8 spi_imx_transfer_one+0x18c/0x858 spi_transfer_one_message+0x43c/0x790 __spi_pump_transfer_message+0x238/0x5d4 __spi_sync+0x2b0/0x454 spi_write_then_read+0x11c/0x200
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05A05DE3-3248-434C-8967-0FB26A540FA5",
            "versionEndExcluding": "6.1.136"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D79CE030-3114-45E0-B52B-C77781BCB587",
            "versionEndExcluding": "6.6.89",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22F52099-F422-4D19-8283-45F9F9BF4392",
            "versionEndExcluding": "6.12.26",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B25CA7E-4CD0-46DB-B4EF-13A3516071FB",
            "versionEndExcluding": "6.14.5",
            "versionStartIncluding": "6.13"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References