CVE-2025-37971

Published: May 20, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference. Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that would need additional changes.

Vendor	Product	Versions
Linux	Linux	affected `42a2f6664e18874302623f31edef545ef41e1d14 - < 06753f49336ab161ea0e249a0720125b81b7b31b` affected `42a2f6664e18874302623f31edef545ef41e1d14 - < b70bdd4923e8b8edbacde2af83ca337bb7005261` affected `42a2f6664e18874302623f31edef545ef41e1d14 - < 98698ca0e58734bc5c1c24e5bbc7429f981cd186`
Linux	Linux	affected `6.10` unaffected `0 - < 6.10` unaffected `6.12.29 - <= 6.12.` unaffected `6.14.7 - <= 6.14.` unaffected `6.15 - <= *`

References

https://git.kernel.org/stable/c/06753f49336ab161ea0e249a0720125b81b7b31b

https://git.kernel.org/stable/c/b70bdd4923e8b8edbacde2af83ca337bb7005261

https://git.kernel.org/stable/c/98698ca0e58734bc5c1c24e5bbc7429f981cd186

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-37971

Description

Affected Products

References