CVE-2025-38122

gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO

Description

In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails. This improves robustness in low-memory scenarios.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ae98a1787fdcb0096d122bc80d93c3c7d812c04b
https://git.kernel.org/stable/c/2e5ead9e4e91fbe7799bd38afd8904543be1cb51
https://git.kernel.org/stable/c/7f6265fce3bd424ded666481b37f106d7915fb6b
https://git.kernel.org/stable/c/a0319c9b1648a67511e947a596ca86888451c0a7
https://git.kernel.org/stable/c/c741a7ef68023ac800054e2131c3e22e647fd7e3
https://git.kernel.org/stable/c/12c331b29c7397ac3b03584e12902990693bc248

Frequently Asked Questions

What is the severity of CVE-2025-38122?
CVE-2025-38122 has not yet been assigned a CVSS score.
How to fix CVE-2025-38122?
To fix CVE-2025-38122, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38122 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38122 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38122?
CVE-2025-38122 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.