{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38275","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.998Z","datePublished":"2025-07-10T07:41:55.658Z","dateUpdated":"2026-05-11T21:24:43.469Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:24:43.469Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/phy/qualcomm/phy-qcom-qmp-usb.c"],"versions":[{"version":"a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd","lessThan":"0b979a409e40457ca1b5cb48755d1f34eee58805","status":"affected","versionType":"git"},{"version":"a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd","lessThan":"127dfb4f1c5a2b622039c5d203f321380ea36665","status":"affected","versionType":"git"},{"version":"a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd","lessThan":"5072c1749197fc28b27d7efc0d80320d7cac9572","status":"affected","versionType":"git"},{"version":"a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd","lessThan":"0c33117f00c8c5363c22676931b22ae5041f7603","status":"affected","versionType":"git"},{"version":"a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd","lessThan":"d14402a38c2d868cacb1facaf9be908ca6558e59","status":"affected","versionType":"git"},{"version":"368ea32e0ad0335bdf3180067875a928e35387c6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/phy/qualcomm/phy-qcom-qmp-usb.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.142","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.94","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.34","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.3","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.12.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.15.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.93"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b979a409e40457ca1b5cb48755d1f34eee58805"},{"url":"https://git.kernel.org/stable/c/127dfb4f1c5a2b622039c5d203f321380ea36665"},{"url":"https://git.kernel.org/stable/c/5072c1749197fc28b27d7efc0d80320d7cac9572"},{"url":"https://git.kernel.org/stable/c/0c33117f00c8c5363c22676931b22ae5041f7603"},{"url":"https://git.kernel.org/stable/c/d14402a38c2d868cacb1facaf9be908ca6558e59"}],"title":"phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:36:09.044Z"}}]}}