CVE-2025-23147

i3c: Add NULL pointer check in i3c_master_queue_ibi()

Description

In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3c_master_queue_ibi() The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls `i3c_master_queue_ibi()` to queue an IBI work task, leading to "Unable to handle kernel read from unreadable memory" and resulting in a kernel panic. Typical IBI handling flow: 1. The I3C master scans target devices and probes their respective drivers. 2. The target device driver calls `i3c_device_request_ibi()` to enable IBI and assigns `dev->ibi = ibi`. 3. The I3C master receives an IBI from the target device and calls `i3c_master_queue_ibi()` to queue the target device driver’s IBI handler task. However, since target device events are asynchronous to the I3C probe sequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`, leading to a kernel panic. Add a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing an uninitialized `dev->ibi`, ensuring stability.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1b54faa5f47fa7c642179744aeff03f0810dc62e
https://git.kernel.org/stable/c/09359e7c8751961937cb5fc50220969b0a4e1058
https://git.kernel.org/stable/c/3ba402610843d7d15c7f3966a461deeeaff7fba4
https://git.kernel.org/stable/c/d83b0c03ef8fbea2f03029a1cc1f5041f0e1d47f
https://git.kernel.org/stable/c/6871a676aa534e8f218279672e0445c725f81026
https://git.kernel.org/stable/c/e6bba328578feb58c614c11868c259b40484c5fa
https://git.kernel.org/stable/c/fe4a4fc179b7898055555a11685915473588392e
https://git.kernel.org/stable/c/ff9d61db59bb27d16d3f872bff2620d50856b80c
https://git.kernel.org/stable/c/bd496a44f041da9ef3afe14d1d6193d460424e91

Frequently Asked Questions

What is the severity of CVE-2025-23147?
CVE-2025-23147 has not yet been assigned a CVSS score.
How to fix CVE-2025-23147?
To fix CVE-2025-23147, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-23147 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-23147 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-23147?
CVE-2025-23147 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.