Volerion logoVolerion
Volerion logoVolerion

Linux Kernel IOMMU/MediaTek Platform Resource Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IOMMU/MediaTek implementation could lead to a null pointer dereference. The issue arises because the platform_get_resource() function may return a NULL pointer, which, if not properly checked, can cause a dereference error when resource_size() is called. This vulnerability has been addressed by adding a check for the return value of platform_get_resource() before using it.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by loading a device driver that uses the IOMMU/MediaTek functionality without the necessary platform resources. The missing resources will cause platform_get_resource() to return NULL, leading to a null pointer dereference when resource_size() is called.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 7, 2025, 6:33 PM
Updated: Oct 7, 2025, 6:33 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.