CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37972: Input: mtk-pmic-keys - fix possible null pointer dereference

Description

In the Linux kernel, the following vulnerability has been resolved:

Input: mtk-pmic-keys - fix possible null pointer dereference

In mtk_pmic_keys_probe, the regs parameter is only set if the button is
parsed in the device tree. However, on hardware where the button is left
floating, that node will most likely be removed not to enable that
input. In that case the code will try to dereference a null pointer.

Let's use the regs struct instead as it is defined for all supported
platforms. Note that it is ok setting the key reg even if that latter is
disabled as the interrupt won't be enabled anyway.

Classification

CVE ID: CVE-2025-37972

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.93% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37972
https://git.kernel.org/stable/c/334d74a798463ceec02a41eb0e2354aaac0d6249
https://git.kernel.org/stable/c/90fa6015ff83ef1c373cc61b7c924ab2bcbe1801
https://git.kernel.org/stable/c/619c05fb176c272ac6cecf723446b39723ee6d97
https://git.kernel.org/stable/c/09429ddb5a91e9e8f72cd18c012ec4171c2f85ec
https://git.kernel.org/stable/c/11cdb506d0fbf5ac05bf55f5afcb3a215c316490

Timeline

2025-05-20 17:40:22 UTC
CVE

Input: mtk-pmic-keys - fix possible null pointer dereference