CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-38225: media: imx-jpeg: Cleanup after an allocation error

Description

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: Cleanup after an allocation error

When allocation failures are not cleaned up by the driver, further
allocation errors will be false-positives, which will cause buffers to
remain uninitialized and cause NULL pointer dereferences.
Ensure proper cleanup of failed allocations to prevent these issues.

Classification

CVE ID: CVE-2025-38225

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.9% (scored less or equal to compared to others)

EPSS Date: 2025-07-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38225
https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f
https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181
https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857
https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369

Timeline

2025-07-04 14:40:20 UTC
CVE

media: imx-jpeg: Cleanup after an allocation error