| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011306-CVE-2025-68797-b45e@gregkh> Date: Tue, 13 Jan 2026 16:29:23 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68797: char: applicom: fix NULL pointer dereference in ac_ioctl From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6. However, the function unconditionally executes readb(apbs[IndexCard].RamIO + VERS) at the end. If cmd is 6, IndexCard may reference a board that does not exist (where RamIO is NULL), leading to a NULL pointer dereference. Fix this by skipping the readb access when cmd is 6, as this command is a global information query and does not target a specific board context. The Linux kernel CVE team has assigned CVE-2025-68797 to this issue. Affected and fixed versions =========================== Fixed in 6.1.160 with commit 0b8b353e09888bccee405e0dd6feafb60360f478 Fixed in 6.6.120 with commit d285517429a75423789e6408653e57b6fdfc8e54 Fixed in 6.12.64 with commit 74883565c621eec6cd2e35fe6d27454cf2810c23 Fixed in 6.18.3 with commit f83e3e9f89181b42f6076a115d767a7552c4a39e Fixed in 6.19-rc1 with commit 82d12088c297fa1cef670e1718b3d24f414c23f7 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68797 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/char/applicom.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0b8b353e09888bccee405e0dd6feafb60360f478 https://git.kernel.org/stable/c/d285517429a75423789e6408653e57b6fdfc8e54 https://git.kernel.org/stable/c/74883565c621eec6cd2e35fe6d27454cf2810c23 https://git.kernel.org/stable/c/f83e3e9f89181b42f6076a115d767a7552c4a39e https://git.kernel.org/stable/c/82d12088c297fa1cef670e1718b3d24f414c23f7
Powered by blists - more mailing lists