CVE-2025-38138: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38138 is a vulnerability discovered in the Linux kernel, specifically in the DMA engine's Texas Instruments (TI) driver component. The vulnerability was disclosed on July 3, 2025, and involves a NULL pointer dereference issue in the udma_probe() function (NVD, CVE).

The vulnerability occurs when devm_kasprintf() returns NULL due to memory allocation failure in the udma_probe() function. The function does not properly check for this NULL return value, which can lead to a NULL pointer dereference. This issue affects various Linux kernel versions, including versions 5.10.223-1 through 6.12.31-1 (Debian Tracker). The vulnerability has been assigned a CVSS v2.0 score of 5.0 (AV:L/AC:L/Au:N/C:N/I:N/A:C) (Rapid7).

The vulnerability can result in a NULL pointer dereference, which typically leads to a system crash or denial of service condition. This affects systems running the vulnerable versions of the Linux kernel, particularly those utilizing the TI DMA engine functionality (Rapid7).

The issue has been fixed in Linux kernel version 6.12.35-1 and later. Debian has marked this version as fixed in the trixie and sid releases. Users are advised to upgrade to the patched versions to mitigate this vulnerability (Debian Tracker).