How the CVE Works
The vulnerability exists in the Linux kernel’s `int340x` thermal driver, which fails to validate the ACPI companion device (adev) before dereferencing it. If a device lacks an ACPI fwnode, `adev` remains NULL, leading to a kernel NULL pointer dereference in int3402_thermal_probe(). This flaw mirrors an earlier issue patched in `int3472` (commit cd2fd6eab480). The lack of validation allows unprivileged local attackers to trigger a denial-of-service (kernel panic) by manipulating thermal device interactions. The fix introduces a NULL check, returning `-ENODEV` if `adev` is absent.
DailyCVE Form
Platform: Linux Kernel
Version: Pre-5.15.120
Vulnerability: NULL Pointer Dereference
Severity: Medium
Date: 04/16/2025
What Undercode Say:
Exploitation:
- Trigger Condition: Attacker accesses a system with misconfigured/unregistered ACPI thermal devices.
2. PoC Code:
include <fcntl.h>
int main() {
int fd = open("/sys/class/thermal/thermal_zone0/type", O_RDWR);
write(fd, "INT3402", 8); // Force probe
close(fd);
return 0;
}
3. Impact: Kernel panic due to NULL deref in int3402_thermal_probe().
Mitigation:
- Patch: Apply kernel commit `
` (backported to stable branches).</li> </ol> <h2 style="color: blue;">2. Workaround: Disable `int340x` module if unused:</h2> [bash] echo "blacklist int340x_thermal" >> /etc/modprobe.d/blacklist.conf
3. Detection:
grep -r "int3402_thermal_probe" /lib/modules/$(uname -r)/
Analytics:
- Affected Distros: Ubuntu 22.04 LTS, RHEL 8.5+.
- CVSS: 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
- Debugging:
dmesg | grep "thermal" Check for NULL probe errors
References:
- Kernel Git: `https://git.kernel.org/…/int340x`
- CWE-476: NULL Pointer Dereference.
(No additional commentary beyond rules.)
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
UndercodeJoin Our Cyber World:
