{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38693", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.032Z", "datePublished": "2025-09-04T15:32:46.726Z", "dateUpdated": "2026-05-12T12:05:29.640Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:33:09.780Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/dvb-frontends/dib7000p.c"], "versions": [{"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "7a41ecfc3415ebe3b4c44f96b3337691dcf431a3", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "b3d77a3fc71c084575d3df4ec6544b3fb6ce587d", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "17b30e5ded062bd74f8ca6f317e1d415a8680665", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "454a443eaa792c8865c861a282fe6d4f596abc3a", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "6bbaec6a036940e22318f0454b50b8000845ab59", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "f98132a59ccc59a8b97987363bc99c8968934756", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "99690a494d91a0dc86cebd628da4c62c40552bcb", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "39b06b93f24dff923c4183d564ed28c039150554", "status": "affected", "versionType": "git"}, {"version": "713d54a8bd812229410a1902cd9b332a2a27af9f", "lessThan": "ed0234c8458b3149f15e496b48a1c9874dd24a1b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/dvb-frontends/dib7000p.c"], "versions": [{"version": "2.6.39", "status": "affected"}, {"version": "0", "lessThan": "2.6.39", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.297", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.241", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.190", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.149", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.103", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.43", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.11", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.2", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "5.4.297"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "5.10.241"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "5.15.190"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "6.1.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "6.6.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "6.12.43"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "6.15.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "6.16.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.39", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3"}, {"url": "https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d"}, {"url": "https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665"}, {"url": "https://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a"}, {"url": "https://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59"}, {"url": "https://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756"}, {"url": "https://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb"}, {"url": "https://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554"}, {"url": "https://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b"}], "title": "media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:41:18.481Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T12:05:29.640Z"}, "affected": [{"vendor": "Siemens", "product": "SIMATIC CN 4100", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC1E0B53-6A10-4A41-B984-7EB55785D55F", "versionEndExcluding": "5.4.297", "versionStartIncluding": "2.6.39", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D21C35-EB8A-488A-BBF9-403E4817E5DD", "versionEndExcluding": "5.10.241", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD9E597F-3DDE-4D7E-976C-463D0611F13F", "versionEndExcluding": "5.15.190", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDBE8280-8983-4D2D-943D-2E6D0104E2D8", "versionEndExcluding": "6.1.149", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2293654-7169-49B5-8D0D-EE51EF8B8E48", "versionEndExcluding": "6.6.103", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "472C5F87-2BF3-4FAB-9B21-DA7513977363", "versionEndExcluding": "6.12.43", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC242347-F722-43AE-B910-BE0B22386977", "versionEndExcluding": "6.15.11", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD7C087D-2415-4521-B624-30003352F899", "versionEndExcluding": "6.16.2", "versionStartIncluding": "6.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")"}], "id": "CVE-2025-38693", "lastModified": "2026-05-12T13:16:55.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-04T16:15:37.593", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar", "id": "2393165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393165"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2025-38693", "public_date": "2025-09-04T15:32:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38693\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38693\nhttps://git.kernel.org/stable/c/17b30e5ded062bd74f8ca6f317e1d415a8680665\nhttps://git.kernel.org/stable/c/39b06b93f24dff923c4183d564ed28c039150554\nhttps://git.kernel.org/stable/c/454a443eaa792c8865c861a282fe6d4f596abc3a\nhttps://git.kernel.org/stable/c/6bbaec6a036940e22318f0454b50b8000845ab59\nhttps://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3\nhttps://git.kernel.org/stable/c/99690a494d91a0dc86cebd628da4c62c40552bcb\nhttps://git.kernel.org/stable/c/b3d77a3fc71c084575d3df4ec6544b3fb6ce587d\nhttps://git.kernel.org/stable/c/ed0234c8458b3149f15e496b48a1c9874dd24a1b\nhttps://git.kernel.org/stable/c/f98132a59ccc59a8b97987363bc99c8968934756"]}

{"analysis": {"en": {"generated_at": "2026-04-20T15:31:39.285525+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched version that includes the null\u2011pointer dereference fix; on distributions that provide vendor\u2011specific kernel packages, install the latest kernel update that references the commit fixing the issue.", "For systems that cannot be updated immediately, disable the w7090p driver or block access to the device files used by the driver so the crash path cannot be triggered.", "Monitor system logs for kernel panics or session crashes that may be related to the tuner driver, and plan timely kernel upgrades."], "summary": {"action": "Apply Patch", "impact": "Denial of Service (crash)"}, "threat_synthesis": {"affected_systems": "It affects Linux kernel installations that include the w7090p frontend driver, such as those found in Debian 11.0 and other distributions using the kernel version with the vulnerable code. The driver is only loaded when the associated DVB hardware is present, so the crash is limited to systems using that hardware.", "description_and_impact": "The vulnerability is a null pointer dereference in the w7090p DVB tuner frontend driver. When a user sends a message with a null buffer and zero length, the driver dereferences a pointer without checking, causing a kernel crash. This results in a denial of service by crashing the system and is classified as CWE\u2011476.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% shows a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local or requires a user to send a crafted message to the driver; no remote network path is documented."}}}}, "created": "2025-09-05T14:02:49.791466+00:00", "updated": "2026-04-20T15:45:10.385682+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}