{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-23147","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-01-11T14:28:41.513Z","datePublished":"2025-05-01T12:55:36.099Z","dateUpdated":"2026-05-11T21:13:51.636Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:13:51.636Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: Add NULL pointer check in i3c_master_queue_ibi()\n\nThe I3C master driver may receive an IBI from a target device that has not\nbeen probed yet. In such cases, the master calls `i3c_master_queue_ibi()`\nto queue an IBI work task, leading to \"Unable to handle kernel read from\nunreadable memory\" and resulting in a kernel panic.\n\nTypical IBI handling flow:\n1. The I3C master scans target devices and probes their respective drivers.\n2. The target device driver calls `i3c_device_request_ibi()` to enable IBI\n   and assigns `dev->ibi = ibi`.\n3. The I3C master receives an IBI from the target device and calls\n   `i3c_master_queue_ibi()` to queue the target device driver’s IBI\n   handler task.\n\nHowever, since target device events are asynchronous to the I3C probe\nsequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`,\nleading to a kernel panic.\n\nAdd a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing\nan uninitialized `dev->ibi`, ensuring stability."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/i3c/master.c"],"versions":[{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"1b54faa5f47fa7c642179744aeff03f0810dc62e","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"09359e7c8751961937cb5fc50220969b0a4e1058","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"3ba402610843d7d15c7f3966a461deeeaff7fba4","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"d83b0c03ef8fbea2f03029a1cc1f5041f0e1d47f","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"6871a676aa534e8f218279672e0445c725f81026","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"e6bba328578feb58c614c11868c259b40484c5fa","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"fe4a4fc179b7898055555a11685915473588392e","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"ff9d61db59bb27d16d3f872bff2620d50856b80c","status":"affected","versionType":"git"},{"version":"3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0","lessThan":"bd496a44f041da9ef3afe14d1d6193d460424e91","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/i3c/master.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"5.4.293","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.237","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.181","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.135","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.88","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.24","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.12","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14.3","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.4.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.15.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.1.135"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.6.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.12.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.13.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.14.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1b54faa5f47fa7c642179744aeff03f0810dc62e"},{"url":"https://git.kernel.org/stable/c/09359e7c8751961937cb5fc50220969b0a4e1058"},{"url":"https://git.kernel.org/stable/c/3ba402610843d7d15c7f3966a461deeeaff7fba4"},{"url":"https://git.kernel.org/stable/c/d83b0c03ef8fbea2f03029a1cc1f5041f0e1d47f"},{"url":"https://git.kernel.org/stable/c/6871a676aa534e8f218279672e0445c725f81026"},{"url":"https://git.kernel.org/stable/c/e6bba328578feb58c614c11868c259b40484c5fa"},{"url":"https://git.kernel.org/stable/c/fe4a4fc179b7898055555a11685915473588392e"},{"url":"https://git.kernel.org/stable/c/ff9d61db59bb27d16d3f872bff2620d50856b80c"},{"url":"https://git.kernel.org/stable/c/bd496a44f041da9ef3afe14d1d6193d460424e91"}],"title":"i3c: Add NULL pointer check in i3c_master_queue_ibi()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:42:41.362Z"}}]}}