5.5

CVE-2025-37748

iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group

In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group

Currently, mtk_iommu calls during probe iommu_device_register before
the hw_list from driver data is initialized. Since iommu probing issue
fix, it leads to NULL pointer dereference in mtk_iommu_device_group when
hw_list is accessed with list_first_entry (not null safe).

So, change the call order to ensure iommu_device_register is called
after the driver data are initialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.135
LinuxLinux Kernel Version >= 6.2 < 6.6.88
LinuxLinux Kernel Version >= 6.7 < 6.12.24
LinuxLinux Kernel Version >= 6.13 < 6.13.12
LinuxLinux Kernel Version >= 6.14 < 6.14.3
LinuxLinux Kernel Version6.15 Updaterc1
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99
Patch
https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27
Patch
https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c
Patch
https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c
Patch
https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5
Patch
https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Mailing List