Linux Kernel extcon Device Driver Data Handling Vulnerability Leading to Kernel Oops

Vulnerability

A vulnerability in the Linux kernel's extcon device management can lead to a kernel Oops. The state_show function can intermittently be called before the driver data is fully set, so it dereferences a NULL pointer and triggers the Oops. The vulnerability has been addressed by modifying the driver registration process to occur after the driver data is established.
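The ordering problem described above, reduced to a user-space C model. This is an added example, not the kernel's code or the upstream patch. All names (model_device, model_state_show, register_buggy_order, register_fixed_order) are hypothetical, and the concurrent reader is simulated by a read after each registration step.

```c
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct model_extcon { unsigned int state; };
struct model_device {
    void *drvdata;    /* driver data pointer the show callback reads */
    int   registered; /* nonzero once the attribute is reachable by readers */
};
enum { NOT_VISIBLE = -1, NULL_DRVDATA = -2 };

/* Models a read of the state attribute arriving at an arbitrary moment. */
static int model_state_show(const struct model_device *dev)
{
    const struct model_extcon *edev;

    if (!dev->registered)
        return NOT_VISIBLE;   /* nothing can call the callback yet */
    edev = dev->drvdata;
    if (edev == NULL)
        return NULL_DRVDATA;  /* the real callback would dereference NULL here */
    return (int)edev->state;
}

/* Vulnerable order: reachable first, driver data second. A reader is
 * simulated after each step; returns how many reads saw NULL driver data. */
static int register_buggy_order(struct model_device *dev, struct model_extcon *edev)
{
    int bad = 0;
    dev->registered = 1;
    bad += (model_state_show(dev) == NULL_DRVDATA);
    dev->drvdata = edev;
    bad += (model_state_show(dev) == NULL_DRVDATA);
    return bad;
}

/* Fixed order: driver data first, then registration. */
static int register_fixed_order(struct model_device *dev, struct model_extcon *edev)
{
    int bad = 0;
    dev->drvdata = edev;
    bad += (model_state_show(dev) == NULL_DRVDATA);
    dev->registered = 1;
    bad += (model_state_show(dev) == NULL_DRVDATA);
    return bad;
}

int main(void)
{
    struct model_extcon e = { 5 };  /* constructed sample state */
    struct model_device a = { 0 }, b = { 0 };
    printf("buggy order: %d NULL read(s)\n", register_buggy_order(&a, &e));
    printf("fixed order: %d NULL read(s)\n", register_fixed_order(&b, &e));
    return 0;
}
```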

Impact

Exploitation of this vulnerability can cause a kernel Oops through a NULL pointer dereference, disrupting system operations and potentially leading to system instability or crashes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.