5.5

CVE-2025-23147

EPSS 0.03%
Veröffentlicht 01.05.2025 12:55:36
Zuletzt bearbeitet 05.11.2025 18:04:44
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

i3c: Add NULL pointer check in i3c_master_queue_ibi()

The I3C master driver may receive an IBI from a target device that has not
been probed yet. In such cases, the master calls `i3c_master_queue_ibi()`
to queue an IBI work task, leading to "Unable to handle kernel read from
unreadable memory" and resulting in a kernel panic.

Typical IBI handling flow:
1. The I3C master scans target devices and probes their respective drivers.
2. The target device driver calls `i3c_device_request_ibi()` to enable IBI
   and assigns `dev->ibi = ibi`.
3. The I3C master receives an IBI from the target device and calls
   `i3c_master_queue_ibi()` to queue the target device driver’s IBI
   handler task.

However, since target device events are asynchronous to the I3C probe
sequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`,
leading to a kernel panic.

Add a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing
an uninitialized `dev->ibi`, ensuring stability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.0 < 5.4.293

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.237

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.181

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.135

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.88

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.24

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.12

Linux ≫ Linux Kernel Version >= 6.14 < 6.14.3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/d83b0c03ef8fbea2f03029a1cc1f5041f0e1d47f

Patch

https://git.kernel.org/stable/c/6871a676aa534e8f218279672e0445c725f81026

Patch

https://git.kernel.org/stable/c/e6bba328578feb58c614c11868c259b40484c5fa

Patch

https://git.kernel.org/stable/c/fe4a4fc179b7898055555a11685915473588392e

Patch

https://git.kernel.org/stable/c/ff9d61db59bb27d16d3f872bff2620d50856b80c

Patch

https://git.kernel.org/stable/c/bd496a44f041da9ef3afe14d1d6193d460424e91

Patch

https://git.kernel.org/stable/c/09359e7c8751961937cb5fc50220969b0a4e1058

Patch

https://git.kernel.org/stable/c/1b54faa5f47fa7c642179744aeff03f0810dc62e

Patch

https://git.kernel.org/stable/c/3ba402610843d7d15c7f3966a461deeeaff7fba4

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-23147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23147

EUVD