CVE-2025-38274 in Linuxinfo

Summary

by MITRE • 07/10/2025

In the Linux kernel, the following vulnerability has been resolved:

fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()

fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference.

Fix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL().

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 12/07/2025

The vulnerability identified as CVE-2025-38274 resides within the Linux kernel's FPGA management subsystem, specifically in the fpga_mgr_test_img_load_sgt() function. This flaw represents a classic null pointer dereference issue that can lead to system instability and potential denial of service conditions. The vulnerability manifests when the kernel attempts to handle FPGA image loading operations during testing phases, creating a scenario where memory allocation failures are not properly handled, resulting in critical system crashes.

The technical implementation of this vulnerability stems from improper error handling in the memory allocation process. The function fpga_mgr_test_img_load_sgt() utilizes kunit_kzalloc() to allocate memory for a scatter-gather table structure known as sgt. However, the code fails to validate whether this allocation succeeds or fails, creating a dangerous condition where a NULL pointer is subsequently passed to the sg_alloc_table() function. This function then delegates to __sg_alloc_table() which attempts to execute memset() on the NULL pointer, causing an immediate system crash due to the null pointer dereference.

This vulnerability directly maps to CWE-476, which specifically addresses NULL pointer dereference conditions in software implementations. The flaw demonstrates a fundamental lack of input validation and error checking that violates established security best practices for kernel development. The operational impact extends beyond simple system crashes, as this vulnerability can be exploited to cause persistent denial of service conditions in systems that rely on FPGA management capabilities, particularly in embedded systems, data center infrastructure, and industrial control environments where FPGA resources are actively managed.

The fix implemented addresses this issue by incorporating proper error checking using KUNIT_ASSERT_NOT_ERR_OR_NULL() which ensures that the memory allocation result is validated before proceeding with subsequent operations. This mitigation aligns with the ATT&CK framework's defensive techniques for preventing code execution vulnerabilities and represents a fundamental improvement in kernel security practices. The solution demonstrates proper defensive programming principles where resource allocation failures are explicitly handled, preventing cascading failures that could compromise system stability. Systems utilizing FPGA management functionality should be updated immediately to incorporate this patch, as the vulnerability represents a critical security risk that could be exploited by malicious actors to disrupt critical infrastructure operations. The fix maintains the intended functionality while establishing robust error handling that prevents the null pointer dereference condition from occurring under any circumstances.

Responsible

Linux

Reservation

04/16/2025

Disclosure

07/10/2025

Moderation

accepted

CPE

ready

EPSS

0.00155

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!