5.5

CVE-2025-37972

Input: mtk-pmic-keys - fix possible null pointer dereference

In the Linux kernel, the following vulnerability has been resolved:

Input: mtk-pmic-keys - fix possible null pointer dereference

In mtk_pmic_keys_probe, the regs parameter is only set if the button is
parsed in the device tree. However, on hardware where the button is left
floating, that node will most likely be removed not to enable that
input. In that case the code will try to dereference a null pointer.

Let's use the regs struct instead as it is defined for all supported
platforms. Note that it is ok setting the key reg even if that latter is
disabled as the interrupt won't be enabled anyway.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.0 < 6.1.139
LinuxLinux Kernel Version >= 6.2 < 6.6.91
LinuxLinux Kernel Version >= 6.7 < 6.12.29
LinuxLinux Kernel Version >= 6.13 < 6.14.7
LinuxLinux Kernel Version6.15 Updaterc1
LinuxLinux Kernel Version6.15 Updaterc2
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
LinuxLinux Kernel Version6.15 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.044
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/334d74a798463ceec02a41eb0e2354aaac0d6249
Patch
https://git.kernel.org/stable/c/90fa6015ff83ef1c373cc61b7c924ab2bcbe1801
Patch
https://git.kernel.org/stable/c/619c05fb176c272ac6cecf723446b39723ee6d97
Patch
https://git.kernel.org/stable/c/09429ddb5a91e9e8f72cd18c012ec4171c2f85ec
Patch
https://git.kernel.org/stable/c/11cdb506d0fbf5ac05bf55f5afcb3a215c316490
Patch
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
Third Party Advisory