SB2025100506 - NULL pointer dereference in Linux kernel hwmon driver
Published: October 5, 2025 Updated: October 27, 2025
Security Bulletin ID
SB2025100506
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2023-53612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the coretemp_remove_core(), coretemp_cpu_online(), coretemp_cpu_offline() and coretemp_init() functions in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4000384684f612b3645a944f6acde0e65ac370b8
- https://git.kernel.org/stable/c/52ea47a0ddfbc5fe05e873d3f5a59db4ba3e03fe
- https://git.kernel.org/stable/c/5735878a7b7db7e9ce731cb36cec298a9de67549
- https://git.kernel.org/stable/c/6d03bbff456befeccdd4d663177c4d6c75d0c4ff
- https://git.kernel.org/stable/c/8fcdbc4bc01365f4b10fed7db544a3149e3054fd
- https://git.kernel.org/stable/c/c57a8d14d7880521150ee801d53a0a64fdffd9c8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3