CVE-2025-68330
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux bmc150 Accel Driver Causes Kernel Crash

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) Call trace: bmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108 bmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc __iio_update_buffers from enable_store+0x84/0xc8 enable_store from kernfs_fop_write_iter+0x154/0x1b4 This bug seems to have been in the driver since the beginning, but it only manifests recently, I do not know why. Store the IRQ number in the state struct, as this is a common pattern in other drivers, then use this to determine if we have IRQ support or not.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68330
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bosch bmc150 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's bmc150 accelerometer driver. The driver unconditionally calls a function to set interrupts even if the device does not support interrupts, leading to a NULL pointer dereference and a kernel crash (kernel splat). This happens because the code assumes the presence of an interrupt without checking, causing the kernel to try to access an invalid memory address.

Impact Analysis

This vulnerability can cause the Linux kernel to crash (kernel splat) when the affected driver tries to set up interrupts on a device that does not have them. This can lead to system instability, unexpected reboots, or denial of service on systems using the bmc150 accelerometer driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart