CVE-2025-23136

MEDIUM

Linux Kernel - NULL Pointer Dereference in int340x Thermal Driver

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fixes: ]

References (11)

Core 11
Core References

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 6.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (29)
linux/Kernel 3.18.0 - 5.4.292linux
linux/Kernel 5.11.0 - 5.15.180linux
linux/Kernel 5.16.0 - 6.1.134linux
linux/Kernel 5.5.0 - 5.10.236linux
linux/Kernel 6.13.0 - 6.13.11linux
linux/Kernel 6.14.0 - 6.14.2linux
linux/Kernel 6.2.0 - 6.6.87linux
linux/Kernel 6.7.0 - 6.12.23linux
Linux/Linux < 3.18
Linux/Linux 3.18
... and 19 more
Published Apr 16, 2025
Tracked Since Feb 18, 2026