Linux Kernel NULL Pointer Dereference Vulnerability in hwmon Driver

Vulnerability

A vulnerability exists in the Linux kernel's hwmon driver for the Congatec Board Controller. The driver allocates memory for sensor data using the devm_kzalloc() function without verifying that the allocation succeeded. This oversight can lead to a kernel crash if the allocation fails and the returned NULL pointer is subsequently dereferenced. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability can be exploited to cause a kernel crash by dereferencing a NULL pointer, leading to a denial of service.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree, which adds the necessary NULL pointer check and properly handles memory allocation failures. Instructions for downloading this patched version can be found in the Linux kernel Git repository.
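
The unchecked allocation described under Vulnerability and the NULL check described under Remediation, side by side in an added example that is not the driver's code or the upstream patch. It is a userspace C model: model_kzalloc() stands in for devm_kzalloc(), and fail_alloc, the demo_* structs and the probe_* functions are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Fault injection: nonzero makes allocations fail, as under memory pressure. */
static int fail_alloc;

/* Userspace stand-in for devm_kzalloc(): zeroed memory, or NULL on failure. */
static void *model_kzalloc(size_t size)
{
	if (fail_alloc)
		return NULL;
	return calloc(1, size);
}

struct demo_sensor { int id; };			/* hypothetical sensor record */
struct demo_hwmon { struct demo_sensor *sensors; };	/* hypothetical state */

/* Flawed pattern: the allocation result is used without a check. */
int probe_unchecked(struct demo_hwmon *hw, unsigned int n)
{
	hw->sensors = model_kzalloc(n * sizeof(*hw->sensors));
	for (unsigned int i = 0; i < n; i++)
		hw->sensors[i].id = (int)i;	/* NULL dereference if alloc failed */
	return 0;
}

/* Corrected pattern: fail the probe with -ENOMEM before any write. */
int probe_checked(struct demo_hwmon *hw, unsigned int n)
{
	hw->sensors = model_kzalloc(n * sizeof(*hw->sensors));
	if (!hw->sensors)
		return -ENOMEM;
	for (unsigned int i = 0; i < n; i++)
		hw->sensors[i].id = (int)i;
	return 0;
}

int main(void)
{
	struct demo_hwmon hw = { 0 };

	fail_alloc = 1;		/* simulate the allocation failure */
	printf("alloc fails: probe_checked = %d\n", probe_checked(&hw, 4));
	fail_alloc = 0;
	printf("alloc ok:    probe_checked = %d\n", probe_checked(&hw, 4));
	free(hw.sensors);
	return 0;
}
```

In the kernel, returning -ENOMEM from probe makes the driver fail to bind cleanly instead of crashing on the first write to the sensor array.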

Added: Dec 4, 2025, 5:06 PM
Updated: Dec 4, 2025, 6:06 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.