Linux Kernel NULL Pointer Dereference Vulnerability in USB Gadget ASPEED Component

Vulnerability

A NULL pointer dereference vulnerability has been identified in the USB gadget ASPEED component of the Linux kernel. The issue arises because the variable 'd->name', returned by 'devm_kasprintf()', could be NULL. This vulnerability has been addressed by adding a pointer check to prevent the potential NULL pointer dereference. This issue was discovered through static analysis.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a kernel crash or other undefined behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in USB Gadget ASPEED Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating