CVE-2025-23147

Summary

In the Linux kernel, the following vulnerability has been resolved:

i3c: Add NULL pointer check in i3c_master_queue_ibi()

The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls i3c_master_queue_ibi() to queue an IBI work task, leading to "Unable to handle kernel read from unreadable memory" and resulting in a kernel panic.

Typical IBI handling flow:

  1. The I3C master scans target devices and probes their respective drivers.
  2. The target device driver calls i3c_device_request_ibi() to enable IBI and assigns dev->ibi = ibi.
  3. The I3C master receives an IBI from the target device and calls i3c_master_queue_ibi() to queue the target device driver’s IBI handler task.

However, since target device events are asynchronous to the I3C probe sequence, step 3 may occur before step 2, causing dev->ibi to be NULL, leading to a kernel panic.

Add a NULL pointer check in i3c_master_queue_ibi() to prevent accessing an uninitialized dev->ibi, ensuring stability.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < 1b54faa5f47fa7c642179744aeff03f0810dc62eaffected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < 09359e7c8751961937cb5fc50220969b0a4e1058affected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < 3ba402610843d7d15c7f3966a461deeeaff7fba4affected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < d83b0c03ef8fbea2f03029a1cc1f5041f0e1d47faffected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < 6871a676aa534e8f218279672e0445c725f81026affected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < e6bba328578feb58c614c11868c259b40484c5faaffected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < fe4a4fc179b7898055555a11685915473588392eaffected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < ff9d61db59bb27d16d3f872bff2620d50856b80caffected
LinuxLinux3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 < bd496a44f041da9ef3afe14d1d6193d460424e91affected
LinuxLinux5.0affected
LinuxLinux0 < 5.0unaffected
LinuxLinux5.4.293 <= 5.4.*unaffected
LinuxLinux5.10.237 <= 5.10.*unaffected
LinuxLinux5.15.181 <= 5.15.*unaffected
LinuxLinux6.1.135 <= 6.1.*unaffected
LinuxLinux6.6.88 <= 6.6.*unaffected
LinuxLinux6.12.24 <= 6.12.*unaffected
LinuxLinux6.13.12 <= 6.13.*unaffected
LinuxLinux6.14.3 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References