CVE-2025-23136

In the Linux kernel, the following vulnerability has been resolved:

thermal: int340x: Add NULL check for adev

Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL").

Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe().

Note, under the same directory, int3400_thermal_probe() has such a check.

[ rjw: Subject edit, added Fixes: ]

Published: Apr 16, 2025
Updated: Apr 30, 2025
CVE: CVE-2025-23136
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.11	5.15.180
linux / linux_kernel	5.5	5.10.236
linux / linux_kernel	6.13	6.13.11
linux / linux_kernel	6.14	6.14.2
linux / linux_kernel	5.16	6.1.134
linux / linux_kernel	6.2	6.6.87
linux / linux_kernel	3.18	5.4.292
linux / linux_kernel	6.7	6.12.23

Vulnerability Database

289,599

CVE-2025-23136