CVE-2025-71193

EPSS -
Veröffentlicht 04.02.2026 16:04:14
Zuletzt bearbeitet 04.02.2026 17:16:11
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qusb2: Fix NULL pointer dereference on early suspend

Enabling runtime PM before attaching the QPHY instance as driver data
can lead to a NULL pointer dereference in runtime PM callbacks that
expect valid driver data. There is a small window where the suspend
callback may run after PM runtime enabling and before runtime forbid.
This causes a sporadic crash during boot:

```
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1
[...]
CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT
Workqueue: pm pm_runtime_work
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]
lr : pm_generic_runtime_suspend+0x2c/0x44
[...]
```

Attach the QPHY instance as driver data before enabling runtime PM to
prevent NULL pointer dereference in runtime PM callbacks.

Reorder pm_runtime_enable() and pm_runtime_forbid() to prevent a
short window where an unnecessary runtime suspend can occur.

Use the devres-managed version to ensure PM runtime is symmetrically
disabled during driver removal for proper cleanup.

Betroffene Produkte Warnungen 0 Metriken 0 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < beba460a299150b5d8dcbe3474a8f4bdf0205180

Version 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c

Status affected

Version < d50a9b7fd07296a1ab81c49ceba14cae3d31df86

Version 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c

Status affected

Version < 4ac15caa27ff842b068a54f1c6a8ff8b31f658e7

Version 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c

Status affected

Version < 1ca52c0983c34fca506921791202ed5bdafd5306

Version 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.17

Status affected

Version < 4.17

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.122

Status unaffected

Version <= 6.12.*

Version 6.12.67

Status unaffected

Version <= 6.18.*

Version 6.18.7

Status unaffected

Version <= *

Version 6.19-rc6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

Es wurden noch keine Metriken (CVSS, EPSS) zu dieser CVE veröffentlicht.

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/beba460a299150b5d8dcbe3474a8f4bdf0205180

https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86

https://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7

https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5bdafd5306

https://nvd.nist.gov/vuln/detail/CVE-2025-71193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71193

EUVD