Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set. This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chrome: cros_ec_uart: properly fix race condition") where devm_serdev_device_open() was called before fully initializing the device. Fix the race by ensuring client ops are set before enabling the port via devm_serdev_device_open(). Note, serdev_device_set_baudrate() and serdev_device_set_flow_control() calls should be after the devm_serdev_device_open() call.

INFO

Published Date :

2025-02-09T11:37:25.264Z

Last Modified :

2025-10-01T19:57:10.798Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21685 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21685.

URL Resource
https://git.kernel.org/stable/c/3f67e07873df3c6d9ce2582260b83732e1d3a40b cve-icon cve-icon
https://git.kernel.org/stable/c/59616a91e5e74833b2008b56c66879857c616006 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025020931-CVE-2025-21685-d720@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21685 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21685 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact