CVE-2025-68755

Summary

In the Linux kernel, the following vulnerability has been resolved:

staging: most: remove broken i2c driver

The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging.

Specifically, commit 723de0f9171e ("staging: most: remove device from interface structure") started requiring drivers to set the interface device pointer before registration, but the I2C driver was never updated which results in a NULL pointer dereference if anyone ever tries to probe it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 6cbba922934805f86eece6ba7010b7201962695daffected
LinuxLinux723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 6059a66dba7f26b21852831432e17075f1a1c783affected
LinuxLinux723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < e463548fd80e779efea1cb2d3049b8a7231e6925affected
LinuxLinux723de0f9171eeb49a3ae98cae82ebbbb992b3a7c < 495df2da6944477d282d5cc0c13174d06e25b310affected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.17.13 <= 6.17.*unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References