CVE-2025-68755
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-01-11
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the MOST I2C driver in the Linux kernel, which has been broken for five years. A recent change required drivers to set the interface device pointer before registration, but the MOST I2C driver was never updated accordingly. This causes a NULL pointer dereference if the driver is ever probed, leading to potential system instability or crashes.
How can this vulnerability impact me?
If the MOST I2C driver is probed, the NULL pointer dereference can cause system crashes or instability, potentially leading to denial of service or disruption of normal operations on affected Linux systems.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to remove the broken MOST I2C driver from the staging area of the Linux kernel, as it has been broken for years and can cause a NULL pointer dereference. Updating the kernel to a version that includes the fix (removal of the driver) is recommended.