Race Condition in Lenovo Yoga Tab 2 Pro Fast Charger Component
CVE-2025-21685

4.7 MEDIUM

Key Information:

Vendor
Linux
Status
Vendor
CVE Published: 9 February 2025

Summary

A race condition exists in the 'yt2_1380_fc_serdev_probe()' function of the Lenovo Yoga Tab 2 Pro fast charger component: the function calls 'devm_serdev_device_open()' before setting the client operations via 'serdev_device_set_client_ops()'. Because the port is already open at that point, the serdev controller's receive_buf handler can run while the client operations are still unset and dereference a NULL pointer, resulting in potential system instability. The vulnerability is akin to a previous issue addressed in related bugs, where device initialization was insufficient before enabling critical operations. The fix ensures that client operations are configured before the device port is enabled.
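The ordering problem described above, as an added userspace model in C (not the kernel driver's code and not part of the advisory). The `model_*` names, `charger_rx` and the one-byte input are hypothetical stand-ins, and the model counts the event at the point where the real handler would dereference a NULL ops pointer.

```c
/* Userspace model, added for illustration; not kernel code. model_* names,
 * charger_rx and the one-byte input are hypothetical stand-ins. */
#include <stddef.h>
#include <stdio.h>

struct model_ops { size_t (*receive_buf)(const unsigned char *buf, size_t len); };
struct model_dev {
    const struct model_ops *ops; /* NULL until the client registers its ops */
    int port_open;               /* set once the port is enabled */
    int null_ops_hits;           /* RX events that arrived while ops was NULL */
    size_t bytes_handled;        /* bytes consumed by the client callback */
};
static size_t charger_rx(const unsigned char *buf, size_t len) { (void)buf; return len; }
static const struct model_ops charger_ops = { .receive_buf = charger_rx };

/* Controller RX path. Where the real handler would dereference dev->ops,
 * the model records the event instead of crashing. */
static void model_receive_buf(struct model_dev *dev, const unsigned char *buf, size_t len)
{
    if (!dev->port_open) return;                      /* port closed: dropped */
    if (!dev->ops) { dev->null_ops_hits++; return; }  /* the NULL-ops window */
    dev->bytes_handled += dev->ops->receive_buf(buf, len);
}

/* Enable the port; one constructed byte arrives as soon as it is open. */
static void model_open(struct model_dev *dev)
{
    static const unsigned char rx[] = { 0x01 };
    dev->port_open = 1;
    model_receive_buf(dev, rx, sizeof(rx));
}

/* ops_first=0: open then ops (racy order); ops_first=1: ops then open (fixed). */
struct model_dev model_probe(int ops_first)
{
    struct model_dev dev = {0};
    if (ops_first) dev.ops = &charger_ops;
    model_open(&dev);
    if (!ops_first) dev.ops = &charger_ops;
    return dev;
}

int main(void)
{
    struct model_dev racy = model_probe(0), fixed = model_probe(1);
    printf("open-then-ops: null_ops_hits=%d handled=%zu\n", racy.null_ops_hits, racy.bytes_handled);
    printf("ops-then-open: null_ops_hits=%d handled=%zu\n", fixed.null_ops_hits, fixed.bytes_handled);
    return 0;
}
```

In the real driver the data arrival is timing-dependent rather than guaranteed; the model forces it so the difference between the two orderings is visible on every run.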

Affected Version(s)

Linux b2ed33e8d486ab2f1920131dd76fab38c8ef3550 < 3f67e07873df3c6d9ce2582260b83732e1d3a40b

Linux b2ed33e8d486ab2f1920131dd76fab38c8ef3550 < 59616a91e5e74833b2008b56c66879857c616006

Linux 6.10

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
