AZL-64904

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64904.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-64904

Upstream

CVE-2025-38265

Published

2025-07-10T08:15:24Z

Modified

2026-04-01T05:20:26.063604Z

Summary

CVE-2025-38265 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

serial: jsm: fix NPE during jsmuartport_init

No device was set which caused serialbasectrl_add to crash.

BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serialbasectrladd+0x96/0x120 Call Trace: <TASK> serialcoreregisterport+0x1a0/0x580 ? __setup_irq+0x39c/0x660 ? __kmalloccachenoprof+0x111/0x310 jsmuartportinit+0xe8/0x180 [jsm] jsmprobeone+0x1f4/0x410 [jsm] localpciprobe+0x42/0x90 pcideviceprobe+0x22f/0x270 reallyprobe+0xdb/0x340 ? pmruntimebarrier+0x54/0x90 ? pfxdriverattach+0x10/0x10 __driverprobedevice+0x78/0x110 driverprobedevice+0x1f/0xa0 __driverattach+0xba/0x1c0 busfor_eachdev+0x8c/0xe0 busadddriver+0x112/0x1f0 driverregister+0x72/0xd0 jsminitmodule+0x36/0xff0 [jsm] ? _pfxjsminitmodule+0x10/0x10 [jsm] dooneinitcall+0x58/0x310 doinitmodule+0x60/0x230

Tested with Digi Neo PCIe 8 port card.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38265

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64904.json"