AZL-64989

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64989.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-64989

Upstream

CVE-2025-38275

Published

2025-07-10T08:15:25Z

Modified

2026-04-01T05:20:27.188305Z

Summary

CVE-2025-38275 affecting package kernel for versions less than 6.6.96.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug

The qmpusbiomap() helper function currently returns the raw result of devmioremap() for non-exclusive mappings. Since devmioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference.

Fix the issue by checking if devmioremap() returns NULL. When it does, qmpusbiomap() now returns an error pointer via IOMEMERR_PTR(-ENOMEM), ensuring safe and consistent error handling.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38275

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.96.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64989.json"