Primary

Context

Linux Kernel Aspeed LPC Snoop Channel Management Vulnerability Leading to NULL Pointer Dereference

Vulnerability

A vulnerability in the Linux kernel's handling of the Aspeed LPC snoop driver has been identified. The issue arises when channels that are not enabled are incorrectly managed, leading to a NULL pointer dereference. This vulnerability was observed in the 6.15.0-rc1 kernel version on ARM architecture, where an attempt to unbind a platform driver channel resulted in an internal error and a kernel oops, indicating a serious flaw that could be exploited to cause a denial of service.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, leading to a crash and potential denial of service.

Reproduction

The vulnerability can be reproduced by unbinding a channel that is not enabled in the Aspeed LPC snoop driver. This action triggers a NULL pointer dereference, causing a kernel oops error and a crash.

Added: Jul 28, 2025, 12:44 PM

Updated: Jul 28, 2025, 12:44 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Aspeed LPC Snoop Channel Management Vulnerability Leading to NULL Pointer Dereference

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating