CVE-2025-37784

net: ti: icss-iep: Fix possible NULL pointer dereference for perout request

Description

In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request The ICSS IEP driver tracks perout and pps enable state with flags. Currently when disabling pps and perout signals during icss_iep_exit(), results in NULL pointer dereference for perout. To fix the null pointer dereference issue, the icss_iep_perout_enable_hw function can be modified to directly clear the IEP CMP registers when disabling PPS or PEROUT, without referencing the ptp_perout_request structure, as its contents are irrelevant in this case.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7891619d21f07a88e0275d6d43db74035aa74f69
https://git.kernel.org/stable/c/da5035d7aeadcfa44096dd34689bfed6c657f559
https://git.kernel.org/stable/c/eeec66327001421531b3fb1a2ac32efc8a2493b0
https://git.kernel.org/stable/c/7349c9e9979333abfce42da5f9025598083b59c9

Frequently Asked Questions

What is the severity of CVE-2025-37784?
CVE-2025-37784 has not yet been assigned a CVSS score.
How to fix CVE-2025-37784?
To fix CVE-2025-37784, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37784 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37784 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37784?
CVE-2025-37784 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.