CVE-2025-38266

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple addresses") introduced an access to the 'soc' field of struct mtk_pinctrl in mtk_eint_do_init() and for that an include of pinctrl-mtk-common-v2.h. However, pinctrl drivers relying on the v1 common driver include pinctrl-mtk-common.h instead, which provides another definition of struct mtk_pinctrl that does not contain an 'soc' field. Since mtk_eint_do_init() can be called both by v1 and v2 drivers, it will now try to dereference an invalid pointer when called on v1 platforms. This has been observed on Genio 350 EVK (MT8365), which crashes very early in boot (the kernel trace can only be seen with earlycon). In order to fix this, since 'struct mtk_pinctrl' was only needed to get a 'struct mtk_eint_pin', make 'struct mtk_eint_pin' a parameter of mtk_eint_do_init() so that callers need to supply it, removing mtk_eint_do_init()'s dependency on any particular 'struct mtk_pinctrl'.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1c9977b263475373b31bbf86af94a5c9ae2be42c	Patch
https://git.kernel.org/stable/c/9ebe21ede792cef851847648962c363cac67d17f	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

18 Nov 2025, 18:29

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/1c9977b263475373b31bbf86af94a5c9ae2be42c -~~	() https://git.kernel.org/stable/c/1c9977b263475373b31bbf86af94a5c9ae2be42c - Patch
References	~~() https://git.kernel.org/stable/c/9ebe21ede792cef851847648962c363cac67d17f -~~	() https://git.kernel.org/stable/c/9ebe21ede792cef851847648962c363cac67d17f - Patch
First Time		Linux Linux linux Kernel
CWE		CWE-476

10 Jul 2025, 13:17

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: mediatek: eint: Corrección de la desreferencia de puntero no válida para plataformas v1. El commit 3ef9f710efcb ("pinctrl: mediatek: Añadir compatibilidad con EINT para múltiples direcciones") introdujo un acceso al campo 'soc' de struct mtk_pinctrl en mtk_eint_do_init() y, para ello, la inclusión de pinctrl-mtk-common-v2.h. Sin embargo, los controladores pinctrl que dependen del controlador común v1 incluyen pinctrl-mtk-common.h, que proporciona otra definición de struct mtk_pinctrl que no contiene el campo 'soc'. Dado que mtk_eint_do_init() puede ser invocado tanto por controladores v1 como v2, ahora intentará desreferenciar un puntero no válido al invocarlo en plataformas v1. Esto se ha observado en Genio 350 EVK (MT8365), que se bloquea al inicio (la traza del kernel solo se puede ver con earlycon). Para solucionarlo, dado que 'struct mtk_pinctrl' solo era necesario para obtener un 'struct mtk_eint_pin', se debe convertir 'struct mtk_eint_pin' en un parámetro de mtk_eint_do_init() para que quienes lo invoquen deban proporcionarlo, eliminando así la dependencia de mtk_eint_do_init() de cualquier 'struct mtk_pinctrl' en particular.

10 Jul 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 08:15

Updated : 2025-11-18 18:29

NVD link : CVE-2025-38266

Mitre link : CVE-2025-38266

CVE.ORG link : CVE-2025-38266

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10