CVE-2025-71193
- EPSS 0.03%
- Published 04.02.2026 16:04:14
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
phy: qcom-qusb2: Fix NULL pointer dereference on early suspend
In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qusb2: Fix NULL pointer dereference on early suspend

Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data. There is a small window where the suspend callback may run after PM runtime enabling and before runtime forbid. This causes a sporadic crash during boot:

```
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1
[...]
CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT
Workqueue: pm pm_runtime_work
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]
lr : pm_generic_runtime_suspend+0x2c/0x44
[...]
```

Attach the QPHY instance as driver data before enabling runtime PM to prevent NULL pointer dereference in runtime PM callbacks.

Reorder pm_runtime_enable() and pm_runtime_forbid() to prevent a short window where an unnecessary runtime suspend can occur.

Use the devres-managed version to ensure PM runtime is symmetrically disabled during driver removal for proper cleanup.
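The ordering problem described above, as an added userspace model (not kernel code and not the driver's source). All type and function names are hypothetical, and the three-step probe sequences are an assumption derived only from the ordering statements in the description. It also covers an intermediate ordering to separate the two parts of the fix.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model, not kernel code: stand-ins for struct device and its runtime PM state. */
struct model_dev {
    void *drvdata;     /* what dev_get_drvdata() would return */
    bool pm_enabled;   /* set by the pm_runtime_enable() step */
    bool pm_forbidden; /* set by the pm_runtime_forbid() step */
};
struct model_qphy { bool clocks_on; };
struct outcome { int suspends; int null_derefs; };
enum step { SET_DRVDATA, PM_FORBID, PM_ENABLE };

/* Models pm_runtime_work: suspend may run once PM is enabled and not forbidden. */
static void pm_worker(struct model_dev *d, struct outcome *o)
{
    if (!d->pm_enabled || d->pm_forbidden)
        return;
    o->suspends++;
    struct model_qphy *q = d->drvdata;
    if (q == NULL) {        /* the real callback dereferences here and oopses */
        o->null_derefs++;
        return;
    }
    q->clocks_on = false;
}

/* Runs three probe steps in the given order; the worker fires after every
 * step, which is the worst-case scheduling for the race. */
static struct outcome run_probe(const enum step order[3])
{
    struct model_qphy qphy = { .clocks_on = true };
    struct model_dev dev = { 0 };
    struct outcome o = { 0, 0 };
    for (size_t i = 0; i < 3; i++) {
        if (order[i] == SET_DRVDATA) dev.drvdata = &qphy;
        if (order[i] == PM_FORBID)   dev.pm_forbidden = true;
        if (order[i] == PM_ENABLE)   dev.pm_enabled = true;
        pm_worker(&dev, &o);
    }
    return o;
}

struct outcome probe_before_fix(void)   /* enable, forbid, drvdata attached last */
{ return run_probe((const enum step[3]){ PM_ENABLE, PM_FORBID, SET_DRVDATA }); }
struct outcome probe_drvdata_only(void) /* drvdata first, enable/forbid order unchanged */
{ return run_probe((const enum step[3]){ SET_DRVDATA, PM_ENABLE, PM_FORBID }); }
struct outcome probe_after_fix(void)    /* drvdata, forbid, then enable */
{ return run_probe((const enum step[3]){ SET_DRVDATA, PM_FORBID, PM_ENABLE }); }
```

In the model, the pre-fix order produces one suspend with NULL driver data, attaching driver data first still leaves one unnecessary suspend, and the fully reordered probe produces neither.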
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c | beba460a299150b5d8dcbe3474a8f4bdf0205180 | affected |
| 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c | d50a9b7fd07296a1ab81c49ceba14cae3d31df86 | affected |
| 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c | 4ac15caa27ff842b068a54f1c6a8ff8b31f658e7 | affected |
| 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c | 1ca52c0983c34fca506921791202ed5bdafd5306 | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Version < | Version <= | Status |
|---|---|---|---|
| 4.17 | | | affected |
| 0 | 4.17 | | unaffected |
| 6.6.122 | | 6.6.* | unaffected |
| 6.12.67 | | 6.12.* | unaffected |
| 6.18.7 | | 6.18.* | unaffected |
| 6.19 | | * | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.074 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|