SB20250529149 - NULL pointer dereference in Linux kernel typec ucsi driver
Published: May 29, 2025
Security Bulletin ID
SB20250529149
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/076ab0631ed4928905736f1701e25f1e722bc086
- https://git.kernel.org/stable/c/14f298c52188c34acde9760bf5abc669c5c36fdb
- https://git.kernel.org/stable/c/312d79669e71283d05c05cc49a1a31e59e3d9e0e
- https://git.kernel.org/stable/c/5ad298d6d4aebe1229adba6427e417e89a5208d8
- https://git.kernel.org/stable/c/7804c4d63edfdd5105926cc291e806e8f4ce01b5
- https://git.kernel.org/stable/c/e9b63faf5c97deb43fc39a52edbc39d626cc14bf