CVE-2025-37971

staging: bcm2835-camera: Initialise dev in v4l2_dev

Description

In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference. Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that would need additional changes.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/06753f49336ab161ea0e249a0720125b81b7b31b
https://git.kernel.org/stable/c/b70bdd4923e8b8edbacde2af83ca337bb7005261
https://git.kernel.org/stable/c/98698ca0e58734bc5c1c24e5bbc7429f981cd186

Frequently Asked Questions

What is the severity of CVE-2025-37971?
CVE-2025-37971 has not yet been assigned a CVSS score.
How to fix CVE-2025-37971?
To fix CVE-2025-37971, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37971 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37971 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37971?
CVE-2025-37971 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.