CVE-2025-38597
MEDIUMDescription
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to find one designated as primary-plane and usable by that specific port. The code later wants to use drm_crtc_init_with_planes with that found primary plane, but nothing has checked so far if a primary plane was actually found. For whatever reason, the rk3576 vp2 does not have a usable primary window (if vp0 is also in use) which brought the issue to light and ended in a null-pointer dereference further down. As we expect a primary-plane to exist for a video-port, add a check at the end of the window-iteration and fail probing if none was found.
How to fix
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploit Intelligence
Low risk: more likely to be exploited than 4% of all known CVEs.
References
Related Vulnerabilities
Other CWE-476 (NULL Pointer Dereference) vulnerabilities, ordered by exploit likelihood. View all
| CVE | Severity | CVSS | EPSS | Exploited | Fix |
|---|---|---|---|---|---|
| CVE-2023-21758 | High | 7.5 | 92% | - | Fix |
| CVE-2023-21547 | High | 7.5 | 88% | - | Fix |
| CVE-2014-3470 | Medium | 4.3 | 86% | - | Fix |
| CVE-2021-44224 | High | 8.2 | 82% | - | Fix |
| CVE-2016-0742 | High | 7.5 | 82% | - | Fix |
| CVE-2009-1386 | Medium | 5.0 | 80% | - | Fix |
Embed a live status badge for CVE-2025-38597
Markdown
[](https://tridentstack.com/cve/CVE-2025-38597)HTML
<a href="https://tridentstack.com/cve/CVE-2025-38597"><img src="https://tridentstack.com/cve/badge/CVE-2025-38597.svg" alt="CVE-2025-38597"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-26.