PT-2025-16733 · Linux+5 · Linux Kernel+5

Published

2025-03-14

·

Updated

2026-01-26

·

CVE-2025-22093

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version
Description A vulnerability in the Linux kernel has been resolved. The issue occurs when the ASIC does not support DMUB, causing ctx->dmub srv to be NULL. This value is then dereferenced in dmub hw lock mgr cmd if should use dmub lock returns true. The fix involves checking for dmub srv in should use dmub lock. The vulnerability has been present since DMUB support was added for PSR1.
Recommendations For Linux kernel versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider disabling the dmub hw lock mgr cmd function until a patch is available. Restrict access to the vulnerable dmub srv component to minimize the risk of exploitation. Avoid using the should use dmub lock function in the affected API endpoint until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-12168
CVE-2025-22093
DLA-4193-1
DSA-5907-1
ECHO-3EA8-4AFC-8845
MGASA-2025-0142
MGASA-2025-0146
OESA-2025-2633
OESA-2025-2634
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01707-1
SUSE-SU-2025:01614-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:20343-1
SUSE-SU-2025:20344-1
SUSE-SU-2025:20354-1
SUSE-SU-2025:20355-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
USN-7594-1
USN-7594-2
USN-7594-3

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os
Suse
Ubuntu