Main Vulnerability Database SB20251216106

SB20251216106 - NULL pointer dereference in Linux kernel controller cadence driver

Published: December 16, 2025

Security Bulletin ID SB20251216106

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-68176)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/pci/controller/cadence/pcie-cadence.h. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0d0bb756f002810d249caee51f3f1c309f3cdab5
https://git.kernel.org/stable/c/1810b2fd7375de88a74976dcd402b29088e479ed
https://git.kernel.org/stable/c/363448d069e29685ca37a118065121e486387af3
https://git.kernel.org/stable/c/49a6c160ad4812476f8ae1a8f4ed6d15adfa6c09
https://git.kernel.org/stable/c/953eb3796ef06b8ea3bf6bdde14156255bc75866
https://git.kernel.org/stable/c/d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1
https://git.kernel.org/stable/c/eb3d29ca0820fa3d7cccad47d2da56c9ab5469ed