| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100417-CVE-2025-39934-4c48@gregkh> Date: Sat, 4 Oct 2025 09:33:18 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39934: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpc_client device, potentially leading to NULL pointer dereference. The Linux kernel CVE team has assigned CVE-2025-39934 to this issue. Affected and fixed versions =========================== Issue introduced in 5.11 with commit 8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730 and fixed in 6.1.154 with commit f9a089d0a6d537d0f2061c8a37a7de535ce0310e Issue introduced in 5.11 with commit 8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730 and fixed in 6.6.108 with commit 15a77e1ab0a994d69b471c76b8d01117128dda26 Issue introduced in 5.11 with commit 8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730 and fixed in 6.12.49 with commit 0da73f7827691a5e2265b110d5fe12f29535ec92 Issue introduced in 5.11 with commit 8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730 and fixed in 6.16.9 with commit 1a7ea294d57fb61485d11b3f2241d631d73025cb Issue introduced in 5.11 with commit 8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730 and fixed in 6.17 with commit a10f910c77f280327b481e77eab909934ec508f0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39934 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/bridge/analogix/anx7625.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f9a089d0a6d537d0f2061c8a37a7de535ce0310e https://git.kernel.org/stable/c/15a77e1ab0a994d69b471c76b8d01117128dda26 https://git.kernel.org/stable/c/0da73f7827691a5e2265b110d5fe12f29535ec92 https://git.kernel.org/stable/c/1a7ea294d57fb61485d11b3f2241d631d73025cb https://git.kernel.org/stable/c/a10f910c77f280327b481e77eab909934ec508f0
Powered by blists - more mailing lists