CVE-2025-37781

Source
https://cve.org/CVERecord?id=CVE-2025-37781
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37781.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37781
Downstream
Related
Published
2025-05-01T13:07:18.390Z
Modified
2026-07-08T08:02:57.128108158Z
Summary
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: cros-ec-tunnel: defer probe if parent EC is not present

When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference.

That can also be reproduced by unbinding the controller driver and then loading i2c-cros-ec-tunnel module (or binding the device).

[ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 271.998215] #PF: supervisor read access in kernel mode [ 272.003351] #PF: errorcode(0x0000) - not-present page [ 272.008485] PGD 0 P4D 0 [ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI [ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5 [ 272.030312] Tainted: [S]=CPUOUTOFSPEC [ 272.034233] Hardware name: HP Berknip/Berknip, BIOS GoogleBerknip.13434.356.0 05/17/2021 [ 272.042400] RIP: 0010:eci2cprobe+0x2b/0x1c0 [i2ccrosectunnel] [ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9 [ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282 [ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000 [ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00 [ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000 [ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000 [ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10 [ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000 [ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0 [ 272.129155] Call Trace: [ 272.131606] <TASK> [ 272.133709] ? acpidevpmattach+0xdd/0x110 [ 272.137985] platformprobe+0x69/0xa0 [ 272.141652] really_probe+0x152/0x310 [ 272.145318] __driverprobedevice+0x77/0x110 [ 272.149678] driverprobedevice+0x1e/0x190 [ 272.153864] __driverattach+0x10b/0x1e0 [ 272.157790] ? driverattach+0x20/0x20 [ 272.161542] bus_foreachdev+0x107/0x150 [ 272.165553] busadddriver+0x15d/0x270 [ 272.169392] driverregister+0x65/0x110 [ 272.173232] ? cleanupmodule+0xa80/0xa80 [i2ccrosectunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698] [ 272.182617] dooneinitcall+0x110/0x350 [ 272.186543] ? securitykernfsinitsecurity+0x49/0xd0 [ 272.191682] ? __kernfsnewnode+0x1b9/0x240 [ 272.195954] ? security_kernfsinitsecurity+0x49/0xd0 [ 272.201093] ? __kernfsnewnode+0x1b9/0x240 [ 272.205365] ? kernfslinksibling+0x105/0x130 [ 272.209810] ? kernfsnextdescendantpost+0x1c/0xa0 [ 272.214773] ? kernfsactivate+0x57/0x70 [ 272.218699] ? kernfsaddone+0x118/0x160 [ 272.222710] ? __kernfscreatefile+0x71/0xa0 [ 272.227069] ? sysfsaddbinfilemodens+0xd6/0x110 [ 272.232033] ? internalcreate_group+0x453/0x4a0 [ 272.236651] ? __vunmaprangenoflush+0x214/0x2d0 [ 272.241355] ? __freefrozenpages+0x1dc/0x420 [ 272.245799] ? freevmapareanoflush+0x10a/0x1c0 [ 272.250505] ? loadmodule+0x1509/0x16f0 [ 272.254431] doinitmodule+0x60/0x230 [ 272.258181] __sesysfinitmodule+0x27a/0x370 [ 272.262627] dosyscall64+0x6a/0xf0 [ 272.266206] ? dosyscall64+0x76/0xf0 [ 272.269956] ? irqentryexittousermode+0x79/0x90 [ 272.274836] entrySYSCALL64afterhwframe+0x55/0x5d [ 272.279887] RIP: 0033:0x7b9309168d39 [ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8 [ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIGRAX: 000 ---truncated---

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37781.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9d230c9e4f4e67cb1c1cb9e0f6142da16b0f2796
Fixed
092de5ac8cb2eaa9593a765fa92ba39d8173f984
Fixed
b66d4910a608427367c4e21499e149f085782df7
Fixed
cd83035b6f2a102c2d5acd3bfb2a11ff967aaba6
Fixed
3090cad5ccff8963b95160f4060068048a1e4c4c
Fixed
e89bf1311d4497c6743f3021e9c481b16c3a41c9
Fixed
1355b5ca4782be85a2ef7275e4c508f770d0fb27
Fixed
da8edc9eb2516aface7f86be5fa6d09c0d07b9f8
Fixed
424eafe65647a8d6c690284536e711977153195a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37781.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.16.0
Fixed
5.4.293
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.237
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.181
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.135
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.88
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.25
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37781.json"