1. Home
  2. Vulnerabilities
  3. CVE-2025-37758
5.5
MEDIUM CVSS 3.1
CVE-2025-37758
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
Description

In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue.

INFO

Published Date :

May 1, 2025, 1:15 p.m.

Last Modified :

Nov. 4, 2025, 5:59 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-37758 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Solution
Apply kernel patches to fix a NULL pointer dereference in pxa_ata_probe.
  • Update the Linux kernel to a patched version.
  • Ensure the pxa_ata_probe function checks for NULL pointers.
  • Review kernel code for similar NULL pointer dereference issues.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-37758.

URL Resource
https://git.kernel.org/stable/c/17d5e6e915fad5a261db3698c9c5bbe702102d7c Patch
https://git.kernel.org/stable/c/2ba9e4c69207777bb0775c7c091800ecd69de144 Patch
https://git.kernel.org/stable/c/2dc53c7a0c1f57b082931facafa804a7ca32a9a6 Patch
https://git.kernel.org/stable/c/5b09bf6243b0bc0ae58bd9efdf6f0de5546f8d06 Patch
https://git.kernel.org/stable/c/a551f75401793ba8075d7f46ffc931ce5151f03f Patch
https://git.kernel.org/stable/c/ad320e408a8c95a282ab9c05cdf0c9b95e317985 Patch
https://git.kernel.org/stable/c/c022287f6e599422511aa227dc6da37b58d9ceac Patch
https://git.kernel.org/stable/c/d0d720f9282839b9db625a376c02a1426a16b0ae Patch
https://git.kernel.org/stable/c/ee2b0301d6bfe16b35d57947687c664ecb815775 Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Mailing List
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-37758 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-37758 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-37758 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-37758 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Nov. 04, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.13.12 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.14 up to (excluding) 6.14.3 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.88 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.24 *cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.181 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.36 up to (excluding) 5.4.293 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.237 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.135
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/17d5e6e915fad5a261db3698c9c5bbe702102d7c Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/2ba9e4c69207777bb0775c7c091800ecd69de144 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/2dc53c7a0c1f57b082931facafa804a7ca32a9a6 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/5b09bf6243b0bc0ae58bd9efdf6f0de5546f8d06 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a551f75401793ba8075d7f46ffc931ce5151f03f Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ad320e408a8c95a282ab9c05cdf0c9b95e317985 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c022287f6e599422511aa227dc6da37b58d9ceac Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d0d720f9282839b9db625a376c02a1426a16b0ae Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ee2b0301d6bfe16b35d57947687c664ecb815775 Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Types: Mailing List
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 03, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 02, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/17d5e6e915fad5a261db3698c9c5bbe702102d7c
    Added Reference https://git.kernel.org/stable/c/a551f75401793ba8075d7f46ffc931ce5151f03f
    Added Reference https://git.kernel.org/stable/c/d0d720f9282839b9db625a376c02a1426a16b0ae
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 01, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue.
    Added Reference https://git.kernel.org/stable/c/2ba9e4c69207777bb0775c7c091800ecd69de144
    Added Reference https://git.kernel.org/stable/c/2dc53c7a0c1f57b082931facafa804a7ca32a9a6
    Added Reference https://git.kernel.org/stable/c/5b09bf6243b0bc0ae58bd9efdf6f0de5546f8d06
    Added Reference https://git.kernel.org/stable/c/ad320e408a8c95a282ab9c05cdf0c9b95e317985
    Added Reference https://git.kernel.org/stable/c/c022287f6e599422511aa227dc6da37b58d9ceac
    Added Reference https://git.kernel.org/stable/c/ee2b0301d6bfe16b35d57947687c664ecb815775
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact