CVE-2025-68187
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the updated Linux kernel patch, which fixes the mdio driver by adding an IS_ERR() check after the device_node_to_regmap() call in airoha_mdio_probe(). This prevents the driver from storing an invalid pointer and avoids potential crashes.
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mdio driver, specifically in the airoha_mdio_probe() function. The function calls device_node_to_regmap(), which can fail and return an error pointer (ERR_PTR()). The driver currently does not check if the pointer is an error before using it, which can lead to a crash when the pointer is dereferenced. The fix involves adding a check (IS_ERR()) to validate the pointer and handle errors properly, making the probe process more robust.
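The pattern described above, as an added userspace example that is not the kernel's driver source: it models the error-pointer encoding and contrasts a probe that stores the return value unchecked with one that tests it with IS_ERR(). The names mock_node_to_regmap, struct mdio_priv, probe_unchecked and probe_checked are hypothetical stand-ins, and returning PTR_ERR() from the checked path is assumed as the usual kernel idiom.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Userspace model of the kernel's error-pointer encoding: a negative errno
 * is stored in the top 4095 values of the address space. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct regmap { unsigned int base; };          /* stand-in, not the kernel struct */
struct mdio_priv { struct regmap *regmap; };   /* hypothetical driver private data */

/* Hypothetical stand-in for device_node_to_regmap(): fails with -ENODEV on request. */
static struct regmap *mock_node_to_regmap(int fail)
{
    static struct regmap map = { .base = 0x1000 };
    return fail ? ERR_PTR(-ENODEV) : &map;
}

/* Unchecked shape: the error pointer is non-NULL, so it is stored as if valid
 * and a later register access would dereference address (void *)-ENODEV. */
static int probe_unchecked(struct mdio_priv *priv, int fail)
{
    priv->regmap = mock_node_to_regmap(fail);
    return 0;
}

/* Checked shape: validate with IS_ERR() and propagate the errno from probe. */
static int probe_checked(struct mdio_priv *priv, int fail)
{
    struct regmap *map = mock_node_to_regmap(fail);

    if (IS_ERR(map))
        return (int)PTR_ERR(map);
    priv->regmap = map;
    return 0;
}

int main(void)
{
    struct mdio_priv a = { 0 }, b = { 0 };

    printf("unchecked: ret=%d stored=%p\n", probe_unchecked(&a, 1), (void *)a.regmap);
    printf("checked:   ret=%d stored=%p\n", probe_checked(&b, 1), (void *)b.regmap);
    return 0;
}
```

A plain NULL test would not catch this failure, because an error pointer is a non-NULL value; only IS_ERR() distinguishes it from a valid address.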
How can this vulnerability impact me?
If exploited, this vulnerability can cause the Linux kernel to crash due to dereferencing an invalid pointer. This can lead to system instability or denial of service, affecting the reliability of systems running the vulnerable driver.