CVE Catalog

CVE-2025-37972

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

In the Linux kernel's MTK PMIC keys driver (mtk-pmic-keys), a null pointer dereference vulnerability was found. The issue occurs when a button is not defined in the device tree (e.g., left floating), causing the code to access an uninitialized regs pointer.

Risk Assessment

This can lead to a kernel panic during driver initialization on MediaTek platforms where some buttons are physically absent. The risk affects system stability, especially in embedded devices.

Recommendation

Apply the patch available in the latest Linux kernel version, which uses the regs struct instead of the device tree pointer. It is recommended to update the kernel to a version containing the fix.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer. Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS