CVE-2025-71193NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.1MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data. There is a small window where the suspend callback may run after PM runtime enabling and before runtime forbid. This causes a sporadic crash during boot: ``` Unable to handle kernel NULL pointer derefer

Affected Packages4 packages

Linuxlinux/linux_kernel4.17.06.6.122+2
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linux891a96f65ac3b12883ddbc6d1a9adf6e54dc903cbeba460a299150b5d8dcbe3474a8f4bdf0205180+4
debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

3
OSV
phy: qcom-qusb2: Fix NULL pointer dereference on early suspend2026-02-04
GHSA
GHSA-wqf4-5q2q-7334: In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime2026-02-04
OSV
CVE-2025-71193: In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend2026-02-04
Debian
CVE-2025-71193: linux - In the Linux kernel, the following vulnerability has been resolved: phy: qcom-q...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71193 Impact, Exploitability, and Mitigation Steps | Wiz