CVE-2019-25162

HIGH

Linux Kernel 4.3.0-4.14.291 - Use-After-Free in I2C Adapter Structure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25162. PoCs published by uthrasri.

AI-analyzed exploit summary This repository contains kernel source code files related to the I2C subsystem, specifically focusing on the vulnerable components associated with CVE-2019-25162. The files include implementations for I2C board info registration, ACPI support, and core functionality, but do not contain an exploit PoC.

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag]

Exploits (1)

nomisec WRITEUP

by uthrasri · poc

https://github.com/uthrasri/CVE-2019-25162

View Code ZIP pw:eip

This repository contains kernel source code files related to the I2C subsystem, specifically focusing on the vulnerable components associated with CVE-2019-25162. The files include implementations for I2C board info registration, ACPI support, and core functionality, but do not contain an exploit PoC.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Linux Kernel I2C subsystem

No auth needed

Prerequisites: Access to vulnerable Linux kernel with I2C subsystem

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a

Patch

https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829

Patch

https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87

Patch

https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9

Patch

https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7

Patch

https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4

Patch

https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d

Patch

https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf

Scores

CVSS v3 7.8

EPSS 0.0038

EPSS Percentile 29.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (19)

Linux/Linux < 4.3

Linux/Linux 4.14.291 - 4.14.*

Linux/Linux 4.19.256 - 4.19.*

Linux/Linux 4.3

Linux/Linux 5.10.137 - 5.10.*

Linux/Linux 5.15.61 - 5.15.*

Linux/Linux 5.18.18 - 5.18.*

Linux/Linux 5.19.2 - 5.19.*

Linux/Linux 5.4.211 - 5.4.*

Linux/Linux 6.0

... and 9 more

Published Feb 26, 2024

Tracked Since Feb 18, 2026