| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026020439-CVE-2025-71193-288d@gregkh> Date: Wed, 4 Feb 2026 17:04:40 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data. There is a small window where the suspend callback may run after PM runtime enabling and before runtime forbid. This causes a sporadic crash during boot: ``` Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1 [...] CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT Workqueue: pm pm_runtime_work pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2] lr : pm_generic_runtime_suspend+0x2c/0x44 [...] ``` Attach the QPHY instance as driver data before enabling runtime PM to prevent NULL pointer dereference in runtime PM callbacks. Reorder pm_runtime_enable() and pm_runtime_forbid() to prevent a short window where an unnecessary runtime suspend can occur. Use the devres-managed version to ensure PM runtime is symmetrically disabled during driver removal for proper cleanup. The Linux kernel CVE team has assigned CVE-2025-71193 to this issue. Affected and fixed versions =========================== Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.6.122 with commit beba460a299150b5d8dcbe3474a8f4bdf0205180 Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.12.67 with commit d50a9b7fd07296a1ab81c49ceba14cae3d31df86 Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.18.7 with commit 4ac15caa27ff842b068a54f1c6a8ff8b31f658e7 Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.19-rc6 with commit 1ca52c0983c34fca506921791202ed5bdafd5306 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71193 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/phy/qualcomm/phy-qcom-qusb2.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/beba460a299150b5d8dcbe3474a8f4bdf0205180 https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86 https://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7 https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5bdafd5306
Powered by blists - more mailing lists