Rapid7

vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-22084): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Apr 16, 2025
Added
Jun 26, 2025
Modified
Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

w1: fix NULL pointer dereference in probe

The w1_uart_probe() function calls w1_uart_serdev_open() (which includes
devm_serdev_device_open()) before setting the client ops via
serdev_device_set_client_ops(). This ordering can trigger a NULL pointer
dereference in the serdev controller's receive_buf handler, as it assumes
serdev->ops is valid when SERPORT_ACTIVE is set.

This is similar to the issue fixed in commit 5e700b384ec1
("platform/chrome: cros_ec_uart: properly fix race condition") where
devm_serdev_device_open() was called before fully initializing the
device.

Fix the race by ensuring client ops are set before enabling the port via
w1_uart_serdev_open().

Solutions

ubuntu-upgrade-linux-image-6-11-0-1011-realtimeubuntu-upgrade-linux-image-6-11-0-1014-raspiubuntu-upgrade-linux-image-6-11-0-1015-awsubuntu-upgrade-linux-image-6-11-0-1015-lowlatencyubuntu-upgrade-linux-image-6-11-0-1015-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1016-gcpubuntu-upgrade-linux-image-6-11-0-1016-gcp-64kubuntu-upgrade-linux-image-6-11-0-1017-oracleubuntu-upgrade-linux-image-6-11-0-1017-oracle-64kubuntu-upgrade-linux-image-6-11-0-1018-azureubuntu-upgrade-linux-image-6-11-0-1018-azure-fdeubuntu-upgrade-linux-image-6-11-0-1024-oemubuntu-upgrade-linux-image-6-11-0-28-genericubuntu-upgrade-linux-image-6-11-0-28-generic-64kubuntu-upgrade-linux-image-6-14-0-1004-realtimeubuntu-upgrade-linux-image-6-14-0-1007-awsubuntu-upgrade-linux-image-6-14-0-1007-aws-64kubuntu-upgrade-linux-image-6-14-0-1007-azureubuntu-upgrade-linux-image-6-14-0-1007-azure-fdeubuntu-upgrade-linux-image-6-14-0-1007-oracleubuntu-upgrade-linux-image-6-14-0-1007-oracle-64kubuntu-upgrade-linux-image-6-14-0-1007-raspiubuntu-upgrade-linux-image-6-14-0-1008-gcpubuntu-upgrade-linux-image-6-14-0-1008-gcp-64kubuntu-upgrade-linux-image-6-14-0-22-genericubuntu-upgrade-linux-image-6-14-0-22-generic-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-6-11ubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-6-11ubuntu-upgrade-linux-image-azure-fde-edgeubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-6-11ubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-6-11ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04ubuntu-upgrade-linux-image-lowlatency-hwe-24-04ubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-24-04

References

    Title
    Rapid7 Labs

    2026 Global Threat Landscape Report

    The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

    Get report