PT-2025-18462 · Linux+6 · Linux Kernel+6
Published
2025-04-13
·
Updated
2026-05-26
·
CVE-2025-37781
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.15.0-rc1-00004-g44722359ed83
Description
A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the i2c-cros-ec-tunnel module. This issue occurs when the EC driver and i2c-cros-ec-tunnel are built-in, and the EC parent device is not found, leading to a NULL pointer dereference. The error can be reproduced by unbinding the controller driver and loading the i2c-cros-ec-tunnel module. The issue is related to the
ec i2c probe function.Recommendations
To resolve this issue, update the Linux kernel to a version later than 6.15.0-rc1-00004-g44722359ed83. As a temporary workaround, consider disabling the
ec i2c probe function until a patch is available. Restrict access to the i2c-cros-ec-tunnel module to minimize the risk of exploitation. Avoid using the i2c-cros-ec-tunnel module until the issue is resolved.Exploit
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu