| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025052046-CVE-2025-37972-31c1@gregkh> Date: Tue, 20 May 2025 18:45:51 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-37972: Input: mtk-pmic-keys - fix possible null pointer dereference From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer. Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway. The Linux kernel CVE team has assigned CVE-2025-37972 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit b581acb49aec5c3b0af9ab1c537fb73481b79069 and fixed in 6.1.139 with commit 334d74a798463ceec02a41eb0e2354aaac0d6249 Issue introduced in 6.0 with commit b581acb49aec5c3b0af9ab1c537fb73481b79069 and fixed in 6.6.91 with commit 90fa6015ff83ef1c373cc61b7c924ab2bcbe1801 Issue introduced in 6.0 with commit b581acb49aec5c3b0af9ab1c537fb73481b79069 and fixed in 6.12.29 with commit 619c05fb176c272ac6cecf723446b39723ee6d97 Issue introduced in 6.0 with commit b581acb49aec5c3b0af9ab1c537fb73481b79069 and fixed in 6.14.7 with commit 09429ddb5a91e9e8f72cd18c012ec4171c2f85ec Issue introduced in 6.0 with commit b581acb49aec5c3b0af9ab1c537fb73481b79069 and fixed in 6.15-rc6 with commit 11cdb506d0fbf5ac05bf55f5afcb3a215c316490 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-37972 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/input/keyboard/mtk-pmic-keys.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/334d74a798463ceec02a41eb0e2354aaac0d6249 https://git.kernel.org/stable/c/90fa6015ff83ef1c373cc61b7c924ab2bcbe1801 https://git.kernel.org/stable/c/619c05fb176c272ac6cecf723446b39723ee6d97 https://git.kernel.org/stable/c/09429ddb5a91e9e8f72cd18c012ec4171c2f85ec https://git.kernel.org/stable/c/11cdb506d0fbf5ac05bf55f5afcb3a215c316490
Powered by blists - more mailing lists