In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar

In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add
check on msg[0].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux
  • Linux Kernel
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38693 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38693 cve-icon
History

Fri, 05 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Fri, 05 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References

Thu, 04 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
Title media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-09-29T05:56:09.550Z

Reserved: 2025-04-16T04:51:24.032Z

Link: CVE-2025-38693

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-04T16:15:37.593

Modified: 2025-09-05T17:47:24.833

Link: CVE-2025-38693

cve-icon Redhat

Severity :

Publid Date: 2025-09-04T15:32:46Z

Links: CVE-2025-38693 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-09-05T14:02:49Z