Heiko Thiery

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.14.0 **Description** A NULL pointer dereference issue has been identified in the Linux kernel when passing 'phys' in the devicetree to describe the USB PHY phandle. This issue occurs because the charger functions check for the phy presence inside the `imx usbmisc data` structure (`data->usb phy`), but the chipidea core populates the `usb phy` passed via 'phys' inside `'struct ci hdrc'` (`ci->usb phy`) instead. The issue causes a NULL pointer dereference inside the `imx7d charger detection()` function. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, the fix involves also searching for 'phys' in case 'fsl,usbphy' is not found. As a temporary workaround, consider disabling the `imx7d charger detection()` function until a patch is available.