{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71193","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-31T11:36:51.189Z","datePublished":"2026-02-04T16:04:14.514Z","dateUpdated":"2026-05-11T21:56:27.748Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:56:27.748Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qusb2: Fix NULL pointer dereference on early suspend\n\nEnabling runtime PM before attaching the QPHY instance as driver data\ncan lead to a NULL pointer dereference in runtime PM callbacks that\nexpect valid driver data. There is a small window where the suspend\ncallback may run after PM runtime enabling and before runtime forbid.\nThis causes a sporadic crash during boot:\n\n```\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000a1\n[...]\nCPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT\nWorkqueue: pm pm_runtime_work\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]\nlr : pm_generic_runtime_suspend+0x2c/0x44\n[...]\n```\n\nAttach the QPHY instance as driver data before enabling runtime PM to\nprevent NULL pointer dereference in runtime PM callbacks.\n\nReorder pm_runtime_enable() and pm_runtime_forbid() to prevent a\nshort window where an unnecessary runtime suspend can occur.\n\nUse the devres-managed version to ensure PM runtime is symmetrically\ndisabled during driver removal for proper cleanup."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/phy/qualcomm/phy-qcom-qusb2.c"],"versions":[{"version":"891a96f65ac3b12883ddbc6d1a9adf6e54dc903c","lessThan":"beba460a299150b5d8dcbe3474a8f4bdf0205180","status":"affected","versionType":"git"},{"version":"891a96f65ac3b12883ddbc6d1a9adf6e54dc903c","lessThan":"d50a9b7fd07296a1ab81c49ceba14cae3d31df86","status":"affected","versionType":"git"},{"version":"891a96f65ac3b12883ddbc6d1a9adf6e54dc903c","lessThan":"4ac15caa27ff842b068a54f1c6a8ff8b31f658e7","status":"affected","versionType":"git"},{"version":"891a96f65ac3b12883ddbc6d1a9adf6e54dc903c","lessThan":"1ca52c0983c34fca506921791202ed5bdafd5306","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/phy/qualcomm/phy-qcom-qusb2.c"],"versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","status":"unaffected","versionType":"semver"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.67","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.7","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.6.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.12.67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.18.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/beba460a299150b5d8dcbe3474a8f4bdf0205180"},{"url":"https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86"},{"url":"https://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7"},{"url":"https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5bdafd5306"}],"title":"phy: qcom-qusb2: Fix NULL pointer dereference on early suspend","x_generator":{"engine":"bippy-1.2.0"}}}}