Linux Kernel Vulnerability in Power Supply by Vendor
CVE-2025-38171

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38171?

In the Linux kernel, a vulnerability pertaining to the power supply component max77705 was discovered that involves an error handling flaw in the workqueue mechanism. The method create_singlethread_workqueue() was not properly handling error conditions, resulting in NULL being returned instead of expected error pointers. This oversight requires immediate attention, particularly in the probe details of the power supply, necessitating a cleanup of the workqueue during error paths to prevent potential misuse. Proper patching is crucial to maintaining system integrity and security.

Affected Version(s)

Linux a6a494c8e3ce1fe84aac538b087a4cab868ed83f < 7f16be2b2927fdcfe40b596b7411c46d23a82034

Linux a6a494c8e3ce1fe84aac538b087a4cab868ed83f < 11741b8e382d34b13277497ab91123d8b0b5c2db

Linux 6.15

References

https://git.kernel.org/stable/c/7f16be2b2927fdcfe40b596b7...

https://git.kernel.org/stable/c/11741b8e382d34b13277497ab...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025