CVE-2025-37971
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37971
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37971.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37971
- Downstream
- Published
- 2025-05-20T16:47:17Z
- Modified
- 2025-10-18T01:26:05.335881Z
- Summary
- staging: bcm2835-camera: Initialise dev in v4l2_dev
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
staging: bcm2835-camera: Initialise dev in v4l2_dev
Commit 42a2f6664e18 ("staging: vc04services: Move global gstate to vchiqstate") changed mmalinit to pass dev->v4l2dev.dev to vchiqmmalinit, however nothing iniitialised dev->v4l2dev, so we got a NULL pointer dereference.
Set dev->v4l2dev.dev during bcm2835mmalprobe. The device pointer could be passed into v4l2device_register to set it, however that also has other effects that would need additional changes.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced42a2f6664e18874302623f31edef545ef41e1d14Fixed06753f49336ab161ea0e249a0720125b81b7b31b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced42a2f6664e18874302623f31edef545ef41e1d14Fixedb70bdd4923e8b8edbacde2af83ca337bb7005261
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced42a2f6664e18874302623f31edef545ef41e1d14Fixed98698ca0e58734bc5c1c24e5bbc7429f981cd186
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.14.6
v6.15-rc1
v6.9
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-37971-1be10090",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"338789479344573770396489480246201376793",
"168963476115176097445859383117848752748",
"56960437172365951411221564401796000635",
"56490218968425974231037795920854628555"
]
},
"target": {
"file": "drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b70bdd4923e8b8edbacde2af83ca337bb7005261",
"signature_type": "Line"
},
{
"id": "CVE-2025-37971-6297700f",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"338789479344573770396489480246201376793",
"168963476115176097445859383117848752748",
"56960437172365951411221564401796000635",
"56490218968425974231037795920854628555"
]
},
"target": {
"file": "drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@98698ca0e58734bc5c1c24e5bbc7429f981cd186",
"signature_type": "Line"
},
{
"id": "CVE-2025-37971-9b5d1778",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3015.0,
"function_hash": "171355883055545869726077304507747013718"
},
"target": {
"function": "bcm2835_mmal_probe",
"file": "drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@98698ca0e58734bc5c1c24e5bbc7429f981cd186",
"signature_type": "Function"
},
{
"id": "CVE-2025-37971-a7408e8d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3015.0,
"function_hash": "171355883055545869726077304507747013718"
},
"target": {
"function": "bcm2835_mmal_probe",
"file": "drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b70bdd4923e8b8edbacde2af83ca337bb7005261",
"signature_type": "Function"
},
{
"id": "CVE-2025-37971-e2168f44",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3015.0,
"function_hash": "171355883055545869726077304507747013718"
},
"target": {
"function": "bcm2835_mmal_probe",
"file": "drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@06753f49336ab161ea0e249a0720125b81b7b31b",
"signature_type": "Function"
},
{
"id": "CVE-2025-37971-e50b5ffc",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"338789479344573770396489480246201376793",
"168963476115176097445859383117848752748",
"56960437172365951411221564401796000635",
"56490218968425974231037795920854628555"
]
},
"target": {
"file": "drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@06753f49336ab161ea0e249a0720125b81b7b31b",
"signature_type": "Line"
}
]