Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-23136

Опубликовано: 16 апр. 2025
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

thermal: int340x: Add NULL check for adev

Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL").

Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe().

Note, under the same directory, int3400_thermal_probe() has such a check.

[ rjw: Subject edit, added Fixes: ]

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 3.18 (включая) до 5.4.292 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.5 (включая) до 5.10.236 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.180 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.134 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.87 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.12.23 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.13 (включая) до 6.13.11 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.14 (включая) до 6.14.2 (исключая)

EPSS

Процентиль: 5%
0.00026
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2025-23136

CVSS3: 5.5
ubuntu
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fixes: ]

redhat логотип

CVE-2025-23136

CVSS3: 5.5
redhat
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fixes: ]

msrc логотип

CVE-2025-23136

CVSS3: 5.5
msrc
около 2 месяцев назад

Описание отсутствует

debian логотип

CVE-2025-23136

CVSS3: 5.5
debian
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: t ...

github логотип

GHSA-5659-626r-mfvx

CVSS3: 5.5
github
2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fixes: ]

EPSS

Процентиль: 5%
0.00026
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-476