Linux Kernel NULL Pointer Dereference Vulnerability in MIPI I3C Bus Management

Vulnerability

A vulnerability in the Linux kernel's handling of the MIPI I3C bus in DMA mode can lead to a NULL pointer dereference. This issue arises when the bus cleanup process triggers a RING_OP_STAT interrupt while the ring is being stopped. If the interrupt handler executes after the io_data pointer has been nullified, it can cause a crash in the hci_dma_irq_handler(). The vulnerability has been addressed by masking the ring interrupts before initiating the ring stop request.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in MIPI I3C Bus Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating