Acknowledged
Created: Jul 10, 2025
Updated: Jul 14, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug[EOL][EOL]The qmp_usb_iomap() helper function currently returns the raw result of[EOL]devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return[EOL]a NULL pointer and the caller only checks error pointers with IS_ERR(),[EOL]NULL could bypass the check and lead to an invalid dereference.[EOL][EOL]Fix the issue by checking if devm_ioremap() returns NULL. When it does,[EOL]qmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),[EOL]ensuring safe and consistent error handling.
CREATE(Triage):(User=admin) [CVE-2025-38275 (https://nvd.nist.gov/vuln/detail/CVE-2025-38275)
