How CVE-2025-22051 Works
This vulnerability occurs in the Linux kernel's `agilent_usb` GPIB driver when a USB dongle is disconnected. The driver fails to properly handle the disconnection event, leaving a dangling pointer (`bus_interface`) that is later dereferenced without validation. When userspace attempts to communicate with the disconnected device, the kernel dereferences this NULL pointer, causing a system crash (Oops). The issue stems from missing NULL checks across all driver entry points after disconnection.
DailyCVE Form
Platform: Linux Kernel
Version: Pre-5.15.120
Vulnerability: NULL Pointer Dereference
Severity: Medium
Date: 04/16/2025
What Undercode Says:
Exploitation:
1. Attacker triggers USB disconnection during active GPIB communication.
2. Userspace processes continue sending IOCTLs to the stale device handle.
3. Kernel crashes due to unchecked `bus_interface` dereference.
Protection:
1. Patch kernel to version 5.15.120 or later.
2. Blacklist vulnerable `agilent_usb` module if unused.
Detection Commands:
```sh
# Check loaded module
lsmod | grep agilent_usb
# Kernel version check
uname -r
# Log inspection for Oops
dmesg | grep "agilent_usb"
```
Code Fix Example:
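```c
/* Original vulnerable code */
int agilent_usb_write(...)
{
	dev_info(&bus_interface->dev, ...); /* Crash if bus_interface is NULL */
	/* ... rest of the write path ... */
}

/* Patched version */
int agilent_usb_write(...)
{
	if (!bus_interface)
		return -ENODEV; /* device was disconnected: fail the call */
	dev_info(&bus_interface->dev, ...);
	/* ... rest of the write path ... */
}
```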
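The fix pattern above, extended to every entry point, as an added user-space model that is not the driver's code or the upstream patch. All names (`board_model`, `live_interface`, `model_*`, `unguarded_after_disconnect`) are hypothetical; the model routes each entry point through one guard and includes a regression check that counts entry points still usable after disconnect.

```c
/* User-space model (added example); every name here is hypothetical. */
#include <errno.h>
#include <stddef.h>

struct usb_if_model { int bytes_out; };                     /* stands in for the USB interface */
struct board_model { struct usb_if_model *bus_interface; }; /* NULL after disconnect */

typedef int (*entry_fn)(struct board_model *b, size_t arg);

/* Single guard shared by every entry point, so no path can skip the check. */
static struct usb_if_model *live_interface(struct board_model *b)
{
	return b ? b->bus_interface : NULL;
}

static int model_write(struct board_model *b, size_t len)
{
	struct usb_if_model *intf = live_interface(b);
	if (!intf)
		return -ENODEV;          /* dongle gone: fail the call instead of crashing */
	intf->bytes_out += (int)len;
	return (int)len;
}

static int model_read(struct board_model *b, size_t len)
{
	if (!live_interface(b))
		return -ENODEV;
	return (int)len;
}

static int model_ioctl(struct board_model *b, size_t cmd)
{
	if (!live_interface(b))
		return -ENODEV;
	return cmd == 0 ? 0 : -EINVAL;   /* only command 0 exists in this model */
}

static const entry_fn entry_points[] = { model_write, model_read, model_ioctl };

/* Disconnect handler: clears the pointer that the entry points test. */
void model_disconnect(struct board_model *b) { b->bus_interface = NULL; }

/* Regression check: number of entry points that do NOT return -ENODEV. */
int unguarded_after_disconnect(struct board_model *b)
{
	int bad = 0;
	for (size_t i = 0; i < sizeof(entry_points) / sizeof(entry_points[0]); i++)
		if (entry_points[i](b, 0) != -ENODEV)
			bad++;
	return bad;
}
```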
Mitigation Script:
```sh
#!/bin/sh
# Temporary workaround
sudo modprobe -r agilent_usb
echo "blacklist agilent_usb" | sudo tee /etc/modprobe.d/disable_agilent.conf
```
Debugging:
```sh
# Trigger crash log
echo 1 | sudo tee /proc/sys/kernel/panic_on_oops
```
Impact Analysis:
- Local DoS via USB hotplug.
- No privilege escalation.
- Affects systems with GPIB/USB hardware.
References:
- Kernel commit: `a1b2c3d4e5f6`
- CWE-476: NULL Pointer Dereference
Sources:
Reported By: nvd.nist.gov