vulnerability

SUSE: CVE-2025-22084: SUSE Linux Security Advisory

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Dec 5, 2025
Added
Dec 5, 2025
Modified
Dec 5, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

w1: fix NULL pointer dereference in probe

The w1_uart_probe() function calls w1_uart_serdev_open() (which includes
devm_serdev_device_open()) before setting the client ops via
serdev_device_set_client_ops(). This ordering can trigger a NULL pointer
dereference in the serdev controller's receive_buf handler, as it assumes
serdev->ops is valid when SERPORT_ACTIVE is set.

This is similar to the issue fixed in commit 5e700b384ec1
("platform/chrome: cros_ec_uart: properly fix race condition") where
devm_serdev_device_open() was called before fully initializing the
device.

Fix the race by ensuring client ops are set before enabling the port via
w1_uart_serdev_open().

Solutions

suse-upgrade-kernel-64kbsuse-upgrade-kernel-64kb-develsuse-upgrade-kernel-64kb-extrasuse-upgrade-kernel-azuresuse-upgrade-kernel-azure-develsuse-upgrade-kernel-azure-extrasuse-upgrade-kernel-azure-vdsosuse-upgrade-kernel-defaultsuse-upgrade-kernel-default-develsuse-upgrade-kernel-default-extrasuse-upgrade-kernel-default-livepatchsuse-upgrade-kernel-default-vdsosuse-upgrade-kernel-develsuse-upgrade-kernel-devel-azuresuse-upgrade-kernel-docssuse-upgrade-kernel-docs-htmlsuse-upgrade-kernel-kvmsmallsuse-upgrade-kernel-kvmsmall-develsuse-upgrade-kernel-kvmsmall-vdsosuse-upgrade-kernel-macrossuse-upgrade-kernel-obs-qasuse-upgrade-kernel-sourcesuse-upgrade-kernel-source-azuresuse-upgrade-kernel-source-vanillasuse-upgrade-kernel-symssuse-upgrade-kernel-zfcpdump

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today