CVE-2025-22031

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the PCI/bwctrl component. This issue occurs when the BIOS fails to assign bus numbers to PCI bridges, and the kernel attempts to correct this during PCI device enumeration. If the kernel runs out of bus numbers, no pci bus is allocated, and the "subordinate" pointer in the bridge's pci dev remains NULL. The PCIe bandwidth controller does not check for a NULL subordinate pointer and dereferences it on probe. This issue can lead to a kernel NULL pointer dereference. The estimated number of potentially affected devices is not available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.