CVE-2025-68303
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel: punit_ipc: fix memory corruption
This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). This means that the:
complete(&ipcdev->cmd_complete);
in intel_punit_ioc() will write to a wrong memory address corrupting it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | fdca4f16f57da76a8e68047923588a87d1c01f0a < 15d560cdf5b36c51fffec07ac2a983ab3bff4cb2 | affected |
| Linux | Linux | fdca4f16f57da76a8e68047923588a87d1c01f0a < 46e9d6f54184573dae1dcbcf6685a572ba6f4480 | affected |
| Linux | Linux | fdca4f16f57da76a8e68047923588a87d1c01f0a < 3e7442c5802146fd418ba3f68dcb9ca92b5cec83 | affected |
| Linux | Linux | fdca4f16f57da76a8e68047923588a87d1c01f0a < a21615a4ac6fecbb586d59fe2206b63501021789 | affected |
| Linux | Linux | fdca4f16f57da76a8e68047923588a87d1c01f0a < c2ee6d38996775a19bfdf20cb01a9b8698cb0baa | affected |
| Linux | Linux | fdca4f16f57da76a8e68047923588a87d1c01f0a < 9b9c0adbc3f8a524d291baccc9d0c04097fb4869 | affected |
| Linux | Linux | 4.5 | affected |
| Linux | Linux | 0 < 4.5 | unaffected |
| Linux | Linux | 5.15.197 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.159 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.119 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.61 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.11 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/15d560cdf5b36c51fffec07ac2a983ab3bff4cb2
- https://git.kernel.org/stable/c/46e9d6f54184573dae1dcbcf6685a572ba6f4480
- https://git.kernel.org/stable/c/3e7442c5802146fd418ba3f68dcb9ca92b5cec83
- https://git.kernel.org/stable/c/a21615a4ac6fecbb586d59fe2206b63501021789
- https://git.kernel.org/stable/c/c2ee6d38996775a19bfdf20cb01a9b8698cb0baa
- https://git.kernel.org/stable/c/9b9c0adbc3f8a524d291baccc9d0c04097fb4869
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.