CVE-2025-23136 in Linux
Summary
by MITRE • 04/16/2025
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: Add NULL check for adev
Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL").
Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe().
Note, under the same directory, int3400_thermal_probe() has such a check.
[ rjw: Subject edit, added Fixes: ]
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 02/15/2026
The vulnerability identified as CVE-2025-23136 resides within the Linux kernel's thermal subsystem, specifically affecting the int340x thermal driver implementation. This issue demonstrates a classic null pointer dereference vulnerability that can occur when the kernel attempts to access device information without proper validation of the device structure's existence. The problem manifests in the thermal subsystem's handling of ACPI companion fwnode devices, where the kernel fails to verify that a device structure has been properly initialized before attempting to access it. This particular flaw affects the int340x thermal driver family which is responsible for managing thermal sensors and cooling devices in certain hardware platforms, particularly those implementing the int340x thermal device specification.
The technical root cause of this vulnerability stems from the assumption that all devices within the ACPI framework will have a properly associated fwnode companion structure. However, in certain hardware configurations or edge cases, the adev variable may remain uninitialized or explicitly set to NULL, creating a scenario where subsequent code attempts to dereference this null pointer. The vulnerability is particularly concerning because it occurs during the device probe phase of thermal subsystem initialization, which means it can potentially prevent proper thermal management functionality from initializing or cause system instability during boot processes. The flaw follows a pattern similar to previously identified issues in the same codebase, specifically referencing commit cd2fd6eab480 which addressed a similar null pointer condition in the int3472 thermal driver implementation. This demonstrates a recurring pattern in kernel development where similar device handling scenarios require consistent null pointer validation across different thermal driver implementations.
The operational impact of this vulnerability extends beyond simple system crashes or hangs, as it represents a potential security risk within the kernel's device management infrastructure. When a null pointer dereference occurs in kernel space, it can lead to system instability, denial of service conditions, or potentially provide an attacker with opportunities to escalate privileges or cause system compromise. The vulnerability affects systems that utilize the int340x thermal driver family, which is commonly found in laptops, desktops, and other computing platforms that implement specific thermal management hardware interfaces. The potential for exploitation is particularly concerning given that this occurs during kernel initialization, where an attacker with local access could potentially manipulate the device enumeration process to trigger this condition. This vulnerability aligns with CWE-476, which describes NULL pointer dereference conditions in software systems, and could potentially map to ATT&CK techniques involving privilege escalation or system instability through kernel exploitation.
The mitigation strategy for this vulnerability involves implementing a straightforward null pointer check within the int3402_thermal_probe() function, specifically verifying that the adev parameter is not NULL before proceeding with device operations. The fix follows established patterns within the kernel codebase, as evidenced by the fact that similar checks already exist in the int3400_thermal_probe() function within the same directory, demonstrating that the kernel maintainers have recognized and addressed this pattern of potential null pointer dereferences in related thermal drivers. The solution returns -ENODEV, which is a standard error code indicating that the device is not available, allowing the kernel to gracefully handle the situation rather than attempting to dereference a null pointer. This approach maintains system stability while ensuring that the thermal subsystem properly reports device unavailability, preventing potential system crashes or instability that could occur during normal operation or device enumeration. The fix represents a defensive programming technique that aligns with kernel development best practices and security hardening principles, ensuring that device drivers properly validate their inputs before attempting to access potentially uninitialized structures.