I2C Driver Vulnerability in Linux Kernel Affects Multiple Systems
CVE-2025-68755
What is CVE-2025-68755?
A vulnerability in the Linux kernel's I2C driver has emerged due to the deprecation of the MOST I2C driver, which had remained broken for five years. The problem stems from the requirement that drivers must set the interface device pointer before registration, a standard not followed by the I2C driver. Consequently, this oversight leads to a NULL pointer dereference when the driver is probed, potentially causing system instability and security risks as it could allow for uncontrolled behavior in affected systems. System administrators are advised to review affected configurations and consider implementing immediate updates.
Affected Version(s)
Linux 723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 6059a66dba7f26b21852831432e17075f1a1c783
Linux 723de0f9171eeb49a3ae98cae82ebbbb992b3a7c
Linux 723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 495df2da6944477d282d5cc0c13174d06e25b310