github - ghsa-j4j4-wgmj-58wh

ghsa-j4j4-wgmj-58wh

Vulnerability from github

Published

2025-12-16 15:30

Modified

2025-12-16 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

net: mdio: Check regmap pointer returned by device_node_to_regmap()

The call to device_node_to_regmap() in airoha_mdio_probe() can return an ERR_PTR() if regmap initialization fails. Currently, the driver stores the pointer without validation, which could lead to a crash if it is later dereferenced.

Add an IS_ERR() check and return the corresponding error code to make the probe path more robust.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-68187"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T14:15:51Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: Check regmap pointer returned by device_node_to_regmap()\n\nThe call to device_node_to_regmap() in airoha_mdio_probe() can return\nan ERR_PTR() if regmap initialization fails. Currently, the driver\nstores the pointer without validation, which could lead to a crash\nif it is later dereferenced.\n\nAdd an IS_ERR() check and return the corresponding error code to make\nthe probe path more robust.",
  "id": "GHSA-j4j4-wgmj-58wh",
  "modified": "2025-12-16T15:30:44Z",
  "published": "2025-12-16T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68187"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2b526c2cf57d14ee269e012ed179081871f45a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc8ed3823473bb38ba43cfb34f1e1c1baa22f975"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-68187 (GCVE-0-2025-68187)

Vulnerability from cvelistv5

Published

2025-12-16 13:43

Modified

2025-12-16 13:43

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net: mdio: Check regmap pointer returned by device_node_to_regmap() The call to device_node_to_regmap() in airoha_mdio_probe() can return an ERR_PTR() if regmap initialization fails. Currently, the driver stores the pointer without validation, which could lead to a crash if it is later dereferenced. Add an IS_ERR() check and return the corresponding error code to make the probe path more robust.

References

URL

Tags

	https://git.kernel.org/stable/c/dc8ed3823473bb38ba43cfb34f1e1c1baa22f975
	https://git.kernel.org/stable/c/b2b526c2cf57d14ee269e012ed179081871f45a1

Impacted products

Vendor

Product

Version

Version: 67e3ba978361cb262f8f8981ab88ccb97f1e2bda
Version: 67e3ba978361cb262f8f8981ab88ccb97f1e2bda

Version: 6.17

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/mdio/mdio-airoha.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dc8ed3823473bb38ba43cfb34f1e1c1baa22f975",
              "status": "affected",
              "version": "67e3ba978361cb262f8f8981ab88ccb97f1e2bda",
              "versionType": "git"
            },
            {
              "lessThan": "b2b526c2cf57d14ee269e012ed179081871f45a1",
              "status": "affected",
              "version": "67e3ba978361cb262f8f8981ab88ccb97f1e2bda",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/mdio/mdio-airoha.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.17"
            },
            {
              "lessThan": "6.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.8",
                  "versionStartIncluding": "6.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: Check regmap pointer returned by device_node_to_regmap()\n\nThe call to device_node_to_regmap() in airoha_mdio_probe() can return\nan ERR_PTR() if regmap initialization fails. Currently, the driver\nstores the pointer without validation, which could lead to a crash\nif it is later dereferenced.\n\nAdd an IS_ERR() check and return the corresponding error code to make\nthe probe path more robust."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T13:43:04.691Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dc8ed3823473bb38ba43cfb34f1e1c1baa22f975"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2b526c2cf57d14ee269e012ed179081871f45a1"
        }
      ],
      "title": "net: mdio: Check regmap pointer returned by device_node_to_regmap()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68187",
    "datePublished": "2025-12-16T13:43:04.691Z",
    "dateReserved": "2025-12-16T13:41:40.252Z",
    "dateUpdated": "2025-12-16T13:43:04.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.