Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Linux kernel's handling of power supply sysfs entries, specifically within the USB Type-C UCSI subsystem. This issue arose from a recent commit that introduced a regression by altering error handling in a way that left stale sysfs entries with NULL operations unaddressed. As a result, the power device associated with these entries was not properly released, leading to the NULL dereference.
Exploitation of this vulnerability causes a NULL pointer dereference, which can lead to a system crash or instability.
The vulnerability has been addressed by reverting the problematic commit, restoring the previous error handling that properly managed the sysfs entries.