Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-38197
CVE-2025-38197:
Linux Kernel vulnerability analysis and mitigation
Overview
CVE-2025-38197 is a vulnerability discovered in the Linux kernel's platform/x86 dell_rbu component, disclosed on July 4, 2025. The vulnerability affects the packet list handling functionality in the Dell Remote BIOS Update (RBU) driver (NVD Database).
Technical details
The vulnerability stems from incorrect list head usage in the listforeach_entry*() function when looping through the packet list. The CVSS 3.1 base score is 7.0 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required with high attack complexity (Red Hat Security).
Impact
When exploited, the vulnerability causes incorrect data display when reading packet data via sysfs and can result in a NULL pointer dereference when clearing the packet list. This affects system stability and data integrity (NVD Database).
Mitigation and workarounds
The vulnerability has been resolved through a patch that corrects the list head usage in the listforeach_entry*() function when processing the packet list. Users of affected systems should apply the available security updates (NVD Database).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management