NULL pointer dereference in Linux kernel mfd driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-23146 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU108468
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-23146
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.6 - 6.6.87
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.6.3:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2edb5b29b197d90b4d08cd45e911c0bcf24cb895
https://git.kernel.org/stable/c/4cdf1d2a816a93fa02f7b6b5492dc7f55af2a199
https://git.kernel.org/stable/c/6dc88993ee3fa8365ff6a5d6514702f70ba6863a
https://git.kernel.org/stable/c/76d0f4199bc5b51acb7b96c6663a8953543733ad
https://git.kernel.org/stable/c/7b47df6498f223c8956bfe0d994a0e42a520dfcd
https://git.kernel.org/stable/c/90ee23c2514a22a9c2bb39a540cbe1c9acb27d0b
https://git.kernel.org/stable/c/b1758417310d2cc77e52cd15103497e52e2614f6
https://git.kernel.org/stable/c/ea07760676bba49319d553af80c239da053b5fb1
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
