Linux Kernel QCOM QMP Combo PHY NULL Pointer Dereference Vulnerability on Runtime Resume

Vulnerability

A vulnerability in the Linux kernel's QCOM QMP Combo PHY driver can lead to a NULL pointer dereference during runtime resume. This issue arises on platforms like SC7180, which do not provide a PCS_USB offset. The vulnerability was introduced when support for a separate PCS_USB region was added, but the wrong base was used, causing the NULL dereference.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel QCOM QMP Combo PHY NULL Pointer Dereference Vulnerability on Runtime Resume

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating