CVE-2025-38143

About this tag
CVE-2025-38143 is a Linux kernel vulnerability involving a NULL pointer dereference in the backlight driver (pm8941), where wled_configure() fails to check the return value of devm_kasprintf(). The issue has been patched upstream and mapped by multiple vendors. Microsoft's Security Response Center lists Azure Linux as a potentially affected product, though this is an inventory attestation for a single product and does not guarantee that no other Microsoft products contain the same vulnerable code. Discussions on WindowsForum.com cover the technical details of the flaw, the upstream fix, and guidance for Azure Linux users on applying the patch.
  1. CVE-2025-38143: Linux Kernel NULL Dereference, Azure Linux Attestation and Patch Guide

    The Linux kernel fix tracked as CVE‑2025‑38143 — described as a NULL pointer dereference in the backlight driver (pm8941) where wled_configure() failed to check devm_kasprintf() — is real, patched upstream, and has been mapped by multiple vendors; Microsoft’s Security Response Center (MSRC)...