← Retour aux CVEs

CVE-2025-37972

MEDIUM

5.5

Description

In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer. Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway.

Details CVE

Score CVSS v3.15.5

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie5/20/2025

Derniere modification12/16/2025

Sourcenvd

Observations honeypot0

Produits affectes

debian:debian_linuxlinux:linux_kernel

Faiblesses (CWE)

CWE-476

References

https://git.kernel.org/stable/c/09429ddb5a91e9e8f72cd18c012ec4171c2f85ec(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/11cdb506d0fbf5ac05bf55f5afcb3a215c316490(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/334d74a798463ceec02a41eb0e2354aaac0d6249(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/619c05fb176c272ac6cecf723446b39723ee6d97(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/90fa6015ff83ef1c373cc61b7c924ab2bcbe1801(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.