Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's USB XHCI platform driver can lead to a NULL pointer dereference. This issue arises because the 'shared_hcd' field can be NULL, causing a kernel crash (referred to as an 'Oops' error) during the removal of the USB host controller. The vulnerability has been observed in the 5.19.0-rc7 kernel version.
Exploitation of this vulnerability causes a kernel NULL pointer dereference, leading to a system crash.
The vulnerability can be reproduced by triggering a system shutdown while the USB XHCI platform driver is active. This can be done by disconnecting USB devices or deregistering USB buses, which will cause the driver to attempt to remove the host controller. If 'shared_hcd' is NULL, the removal process will attempt to access a NULL pointer, causing a kernel crash.
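The removal path described above, as an added userspace model with a guard on the optional shared controller. This is example code, not the kernel's driver source; every name prefixed `model_` is hypothetical and the structures are simplified stand-ins.

```c
#include <stdlib.h>

/* Hypothetical userspace stand-ins, not the kernel's structures. */
struct model_hcd { int registered; };
struct model_xhci {
    struct model_hcd *main_hcd;    /* primary controller */
    struct model_hcd *shared_hcd;  /* optional, so it can be NULL */
};

/* Unregister and free one HCD. The caller must pass a non-NULL pointer. */
static void model_remove_hcd(struct model_hcd *hcd)
{
    hcd->registered = 0;  /* this write is what faults when hcd is NULL */
    free(hcd);
}

/* Guarded removal: touch shared_hcd only if it exists, then clear it.
 * Returns the number of HCDs removed. */
int model_plat_remove(struct model_xhci *xhci)
{
    int removed = 0;
    if (xhci->shared_hcd) {
        model_remove_hcd(xhci->shared_hcd);
        xhci->shared_hcd = NULL;  /* leave no stale pointer behind */
        removed++;
    }
    if (xhci->main_hcd) {
        model_remove_hcd(xhci->main_hcd);
        xhci->main_hcd = NULL;
        removed++;
    }
    return removed;
}

/* Build a controller with or without a shared HCD and remove it twice. */
int model_probe_and_remove(int with_shared)
{
    struct model_xhci xhci = { NULL, NULL };
    xhci.main_hcd = calloc(1, sizeof(*xhci.main_hcd));
    if (with_shared)
        xhci.shared_hcd = calloc(1, sizeof(*xhci.shared_hcd));
    if (!xhci.main_hcd || (with_shared && !xhci.shared_hcd)) {
        free(xhci.main_hcd); free(xhci.shared_hcd);
        return -1;
    }
    xhci.main_hcd->registered = 1;
    if (with_shared) xhci.shared_hcd->registered = 1;
    int first = model_plat_remove(&xhci);
    return model_plat_remove(&xhci) == 0 ? first : -1; /* repeat is a no-op */
}
```

Calling `model_remove_hcd()` on `shared_hcd` without the guard reproduces the NULL write in this model when no shared controller was created.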