Primary

Context

Linux Kernel STM32 CSI Media Subsystem NULL Dereference Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's media subsystem for STM32 cameras has been addressed. The issue involved a direct dereference of 'csidev->s_subdev' in the 'stm32_csi_start' function, which could lead to a NULL pointer dereference. Although the code later checks for NULL, the initial dereference could still cause issues. The vulnerability has been fixed by rearranging the code to perform the NULL check before dereferencing.

Impact

The vulnerability could lead to a NULL pointer dereference, causing a potential crash or undefined behavior in the application.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Oct 20, 2025, 4:24 PM

Updated: Oct 20, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.7

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.7

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel STM32 CSI Media Subsystem NULL Dereference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating