CVE-2025-37971

May 21, 2025, 8:24 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference. Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that would need additional changes.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / bcm2835_camera /

References

https://git.kernel.org/stable/c/06753f49336ab161ea0e249a0720125b81b7b31b
https://git.kernel.org/stable/c/98698ca0e58734bc5c1c24e5bbc7429f981cd186
https://git.kernel.org/stable/c/b70bdd4923e8b8edbacde2af83ca337bb7005261

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-05-20
CVE-2025-37971

Timeline

Published: May 20, 2025, 5:15 p.m.
Last Modified: May 21, 2025, 8:24 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.