CVE-2025-21685 — NULL Pointer Dereference in Linux
Severity
4.7MEDIUMNVD
OSV5.5
EPSS
0.0%
top 99.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 9
Latest updateApr 23
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open()
before setting the client ops via serdev_device_set_client_ops(). This
ordering can trigger a NULL pointer dereference in the serdev controller's
receive_buf handler, as it assumes serdev->ops is valid when
SERPORT_ACTIVE is set.
This is similar to the issue fixed in commit 5e700b384ec1
…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linuxb2ed33e8d486ab2f1920131dd76fab38c8ef3550 — 3f67e07873df3c6d9ce2582260b83732e1d3a40b+2
Patches
🔴Vulnerability Details
4OSV▶
linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities↗2025-04-23
OSV▶
CVE-2025-21685: In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_↗2025-02-09
GHSA▶
GHSA-j397-m7mx-jcv9: In the Linux kernel, the following vulnerability has been resolved:
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
The yt2_138↗2025-02-09
📋Vendor Advisories
4Debian▶
CVE-2025-21685: linux - In the Linux kernel, the following vulnerability has been resolved: platform/x8...↗2025