CVE-2025-68330

CVE Details

Release Date:	2025-12-22
Impact:	Low	What is this?

Description

In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) Call trace: bmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108 bmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc __iio_update_buffers from enable_store+0x84/0xc8 enable_store from kernfs_fop_write_iter+0x154/0x1b4 This bug seems to have been in the driver since the beginning, but it only manifests recently, I do not know why. Store the IRQ number in the state struct, as this is a common pattern in other drivers, then use this to determine if we have IRQ support or not.

See more information about CVE-2025-68330 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	0.0
Vector String:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (kernel-uek)	ELSA-2026-50113	2026-02-15
Oracle Linux version 9 (kernel-uek)	ELSA-2026-50113	2026-02-15