{ "threat_severity" : "Moderate", "public_date" : "2025-07-10T00:00:00Z", "bugzilla" : { "description" : "kernel: serial: jsm: fix NPE during jsm_uart_port_init", "id" : "2379197", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2379197" }, "cvss3" : { "cvss3_base_score" : "4.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "draft" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nserial: jsm: fix NPE during jsm_uart_port_init\nNo device was set which caused serial_base_ctrl_add to crash.\nBUG: kernel NULL pointer dereference, address: 0000000000000050\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1\nRIP: 0010:serial_base_ctrl_add+0x96/0x120\nCall Trace:\n\nserial_core_register_port+0x1a0/0x580\n? __setup_irq+0x39c/0x660\n? __kmalloc_cache_noprof+0x111/0x310\njsm_uart_port_init+0xe8/0x180 [jsm]\njsm_probe_one+0x1f4/0x410 [jsm]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0x22f/0x270\nreally_probe+0xdb/0x340\n? pm_runtime_barrier+0x54/0x90\n? __pfx___driver_attach+0x10/0x10\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8c/0xe0\nbus_add_driver+0x112/0x1f0\ndriver_register+0x72/0xd0\njsm_init_module+0x36/0xff0 [jsm]\n? __pfx_jsm_init_module+0x10/0x10 [jsm]\ndo_one_initcall+0x58/0x310\ndo_init_module+0x60/0x230\nTested with Digi Neo PCIe 8 port card." ], "statement" : "A null pointer dereference was discovered in the jsm_uart_port_init() function of the jsm serial driver due to a missing initialization of the uart_port.dev field. This issue triggers a kernel crash when the driver attempts to register the serial port via serial_base_ctrl_add(). Exploitation requires the ability to load and initialize a kernel module (e.g., via `modprobe` or `insmod`), which is restricted to privileged users. As such, only a local user with administrative rights (CAP_SYS_MODULE or equivalent) can trigger the vulnerable code path, justifying PR:H.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38265\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38265\nhttps://lore.kernel.org/linux-cve-announce/2025071035-CVE-2025-38265-be37@gregkh/T" ], "name" : "CVE-2025-38265", "csaw" : false }