VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Sep 4, 2025· Updated May 12, 2026

CVE-2025-38693

CVE-2025-38693

Description

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar

In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Affected products

2
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=2.6.39,<5.4.297

Patches

9
7a41ecfc3415
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
b3d77a3fc71c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
17b30e5ded06
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
454a443eaa79
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
6bbaec6a0369
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
f98132a59ccc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
99690a494d91
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
39b06b93f24d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
ed0234c8458b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

1