Fixed
Created: Apr 17, 2025
Updated: Jun 10, 2025
Resolved Date: May 28, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.21
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: Add NULL check for adev
Not all devices have an ACPI companion fwnode, so adev might be NULL.
This is similar to the commit cd2fd6eab480
("platform/x86: int3472: Check for adev == NULL").
Add a check for adev not being set and return -ENODEV in that case to
avoid a possible NULL pointer deref in int3402_thermal_probe().
Note, under the same directory, int3400_thermal_probe() has such a
check.
rjw: Subject edit, added Fixes: ]
CREATE(Triage):(User=admin) [CVE-2025-23136 (https://nvd.nist.gov/vuln/detail/CVE-2025-23136)
