CVE-2025-38301 in Linux
Summary
by MITRE • 07/10/2025
In the Linux kernel, the following vulnerability has been resolved:
nvmem: zynqmp_nvmem: unbreak driver after cleanup
Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter comes from nvmem_config.priv which is never set - Leading to null pointer exceptions when the device is accessed.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/07/2025
The vulnerability CVE-2025-38301 represents a critical driver initialization flaw within the Linux kernel's nvmem subsystem, specifically affecting the zynqmp_nvmem driver implementation. This issue emerged from a recent code cleanup commit that fundamentally altered how device context information is handled within the driver framework. The root cause stems from a disconnect between the expected parameter passing mechanism and the actual implementation within the nvmem framework, creating a scenario where essential device pointers fail to propagate correctly through the driver initialization sequence.
The technical flaw manifests as a null pointer dereference condition that occurs when the zynqmp_nvmem driver attempts to access device resources after the cleanup operation. The problematic commit 29be47fcd6a0 modified the driver to expect a device pointer to be passed as a "context" parameter, but this expectation conflicts with the nvmem subsystem's design where the context parameter originates from nvmem_config.priv field. This field remains unpopulated throughout the driver's lifecycle, creating a fundamental mismatch that results in runtime exceptions when device operations are attempted.
The operational impact of this vulnerability extends beyond simple driver malfunction to potentially compromise system stability and security integrity on embedded systems utilizing Xilinx Zynq UltraScale+ MPSoC platforms. When the driver encounters null pointer exceptions during device access operations, it can lead to system crashes, kernel oops messages, and complete driver unavailability. This affects devices that rely on non-volatile memory operations for critical system functions, including secure boot processes, device configuration storage, and persistent data management. The vulnerability particularly impacts embedded systems where the zynqmp_nvmem driver is responsible for accessing secure elements and configuration data stored in the platform's non-volatile memory subsystem.
This vulnerability aligns with CWE-476 which describes NULL Pointer Dereference, and represents a classic example of improper initialization in kernel drivers. The issue demonstrates poor adherence to the ATT&CK framework's technique T1059.006 for kernel-level exploitation, where driver-level flaws can be leveraged to cause system instability and potentially enable further attack vectors. The problem specifically relates to the kernel's device driver model where context handling between subsystems fails to maintain proper data flow. Mitigation strategies should focus on ensuring proper initialization of nvmem_config.priv fields and maintaining backward compatibility during driver cleanup operations. System administrators should prioritize applying the relevant kernel patches that restore proper context handling and ensure the device pointer is correctly passed through the nvmem subsystem's configuration mechanism. Additionally, comprehensive testing of driver initialization sequences and memory access patterns should be implemented to prevent similar context-related issues in other kernel subsystems.