CVE-2025-22078: staging: vchiq_arm: Fix possible NPR of keep-alive thread

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: vchiq_arm: Fix possible NPR of keep-alive thread

In case vchiq_platform_conn_state_changed() is never called or fails before
driver removal, ka_thread won't be a valid pointer to a task_struct. So
do the necessary checks before calling kthread_stop to avoid a crash.

Classification

CVE ID: CVE-2025-22078

Affected Products

Vendor: Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.91% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22078
https://git.kernel.org/stable/c/1817c4b85011998604e5ff9a80a6e01adb7e7e81
https://git.kernel.org/stable/c/a915c896f95a989a7759a73f8c064f5dc3775175
https://git.kernel.org/stable/c/bd38395b901327f77a82112f006240de22cf2ceb
https://git.kernel.org/stable/c/3db89bc6d973e2bcaa852f6409c98c228f39a926

Timeline

2025-04-16 15:40:36 UTC
CVE

staging: vchiq_arm: Fix possible NPR of keep-alive thread