CVE-2025-22084 in Linux
Summary
by MITRE • 04/16/2025
In the Linux kernel, the following vulnerability has been resolved:
w1: fix NULL pointer dereference in probe
The w1_uart_probe() function calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set.
This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chrome: cros_ec_uart: properly fix race condition") where devm_serdev_device_open() was called before fully initializing the device.
Fix the race by ensuring client ops are set before enabling the port via w1_uart_serdev_open().
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 02/15/2026
The vulnerability identified as CVE-2025-22084 affects the Linux kernel's 1-wire subsystem, specifically within the w1_uart driver implementation. This issue represents a classic race condition that can lead to system instability and potential denial of service scenarios. The problem manifests in the w1_uart_probe() function where improper function call ordering creates a temporal dependency that allows for a NULL pointer dereference during device initialization. The vulnerability is particularly concerning as it occurs during the kernel's device probe phase, which is a critical initialization step that can affect system boot processes and device management capabilities.
The technical flaw stems from the incorrect sequence of operations within the device initialization routine where w1_uart_serdev_open() is invoked before serdev_device_set_client_ops() completes its operation. This ordering issue creates a window of vulnerability where the serdev controller's receive_buf handler attempts to access serdev->ops structure while it remains uninitialized, resulting in a NULL pointer dereference. The flaw is categorized under CWE-362 as a race condition vulnerability, specifically involving improper initialization sequences that create temporal dependencies between concurrent operations. This pattern of improper ordering is reminiscent of similar issues found in other kernel subsystems, as evidenced by the reference to commit 5e700b384ec1 that addressed comparable race conditions in the chrome platform's cros_ec_uart driver.
The operational impact of this vulnerability extends beyond simple system crashes, potentially affecting embedded systems and devices that rely heavily on 1-wire communication protocols for sensor data collection and device management. Systems utilizing w1_uart drivers for critical applications such as industrial monitoring, IoT deployments, or automotive systems could experience unexpected service disruptions when the vulnerability is triggered. The NULL pointer dereference can cause kernel panics, system hangs, or forced reboots that may compromise the availability of connected devices and the overall system reliability. Attackers who can control the device probe sequence or have access to the system during initialization could potentially exploit this vulnerability to cause denial of service conditions or escalate privileges through kernel memory corruption.
Mitigation strategies for CVE-2025-22084 involve implementing proper initialization sequencing within the kernel driver code to ensure client operations are fully established before enabling device port functionality. The fix requires reordering the function calls to set client operations before invoking w1_uart_serdev_open(), thereby eliminating the temporal race condition that enables the NULL pointer dereference. System administrators should prioritize applying kernel updates that contain the patched implementation, particularly in production environments where device stability is critical. Additionally, monitoring systems should be configured to detect potential kernel panics or unusual reboot patterns that could indicate exploitation attempts. The vulnerability demonstrates the importance of following proper initialization protocols and adheres to ATT&CK technique T1499.004 for network denial of service, as it can cause system availability issues through kernel-level disruptions. Organizations should also consider implementing runtime protections such as kernel module signing and integrity checking to prevent unauthorized modifications to kernel drivers that could introduce similar race conditions.