CVE-2025-22052: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
staging: gpib: Fix Oops after disconnect in ni_usb
If the usb dongle is disconnected subsequent calls to the driver cause a NULL dereference Oops as the bus_interface is set to NULL on disconnect.
This problem was introduced by setting usb_dev from the bus_interface for dev_xxx messages.
Previously bus_interface was checked for NULL only in the functions directly calling usb_fill_bulk_urb or usb_control_msg.
Check for valid bus_interface on all interface entry points and return -ENODEV if it is NULL.
AI Analysis
Technical Summary
CVE-2025-22052 is a vulnerability identified in the Linux kernel, specifically within the staging gpib driver for NI USB devices. The issue arises when a USB dongle is disconnected; subsequent calls to the driver result in a NULL pointer dereference leading to a kernel Oops. This occurs because the bus_interface pointer is set to NULL upon device disconnection, but the driver does not consistently check for this NULL state across all interface entry points. Previously, NULL checks were only performed in functions directly invoking usb_fill_bulk_urb or usb_control_msg, leaving other code paths vulnerable. The vulnerability was introduced when usb_dev was set from bus_interface for dev_xxx messages without comprehensive NULL validation. The fix involves adding checks for a valid bus_interface pointer at all interface entry points and returning an -ENODEV error code if the pointer is NULL, thereby preventing the kernel Oops. This vulnerability affects Linux kernel versions identified by the commit hash 4934b98bb24327c32ed55c96012f019932383da5 and was published on April 16, 2025. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
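The failure mode and the fix pattern described above, as an added user-space model (not the driver's code): every `model_*` name and the sample device are hypothetical, and only `bus_interface`, `usb_dev` and `-ENODEV` come from the advisory text.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model; every model_* name is hypothetical, not driver code. */
struct model_usb_device { const char *name; };
struct model_usb_interface { struct model_usb_device *usb_dev; };
struct model_priv { struct model_usb_interface *bus_interface; };

/* Disconnect path: bus_interface is set to NULL, as the advisory states. */
static void model_disconnect(struct model_priv *priv)
{
    priv->bus_interface = NULL;
}

/* "Before" shape: usb_dev is taken from bus_interface for a log message
 * with no check, so a call after disconnect dereferences NULL. */
static int model_status_unchecked(struct model_priv *priv)
{
    struct model_usb_device *usb_dev = priv->bus_interface->usb_dev;
    fprintf(stderr, "%s: status\n", usb_dev->name);
    return 0;
}

/* "After" shape: the entry point validates bus_interface before any use. */
static int model_status(struct model_priv *priv)
{
    if (!priv->bus_interface)
        return -ENODEV;
    fprintf(stderr, "%s: status\n", priv->bus_interface->usb_dev->name);
    return 0;
}

/* Calls both variants while connected, then only the guarded one after
 * disconnect; returns the guarded entry point's post-disconnect result. */
static int model_demo(void)
{
    struct model_usb_device dev = { "constructed-dongle" };
    struct model_usb_interface intf = { &dev };
    struct model_priv priv = { &intf };
    if (model_status_unchecked(&priv) != 0 || model_status(&priv) != 0)
        return 1;
    model_disconnect(&priv);
    return model_status(&priv);
}

int main(void)
{
    printf("after disconnect: %d (-ENODEV is %d)\n", model_demo(), -ENODEV);
    return 0;
}
```

The model is single-threaded; where disconnect can run concurrently with an entry point, the check and the subsequent use have to be serialized against the disconnect path for the guard to hold.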
Potential Impact
For European organizations, this vulnerability primarily poses a risk to systems running affected Linux kernel versions with the NI USB gpib driver in use. The kernel Oops caused by the NULL dereference can lead to system instability or crashes, potentially causing denial of service (DoS) conditions on critical infrastructure or servers. While this vulnerability does not appear to allow privilege escalation or arbitrary code execution directly, the resulting system crashes could disrupt operations, especially in environments relying on USB-connected instrumentation or devices managed via the gpib driver. Industrial control systems, research labs, or manufacturing facilities using such hardware interfaces could experience operational interruptions. Additionally, repeated crashes might increase maintenance overhead and reduce system availability. Since exploitation requires the USB device to be disconnected and subsequent driver calls to be made, the attack vector is somewhat limited but still relevant in environments where USB devices are frequently connected and disconnected or where attackers have physical or logical access to USB devices.
Mitigation Recommendations
European organizations should promptly update their Linux kernels to versions that include the patch for CVE-2025-22052. Specifically, ensure that the kernel version includes the fix that adds comprehensive NULL checks for the bus_interface pointer in the NI USB gpib driver. For environments where immediate patching is not feasible, organizations should implement strict controls on USB device usage, including restricting physical access to USB ports and monitoring USB device connections and disconnections. Additionally, system administrators should audit systems for the presence of the affected driver and kernel versions and consider disabling or unloading the gpib driver if it is not required. Implementing kernel crash monitoring and alerting can help detect and respond to any Oops events quickly. Finally, organizations should review their incident response plans to handle potential denial of service incidents resulting from this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.811Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7f53
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/3/2025, 8:40:08 PM
Last updated: 8/16/2025, 4:58:46 AM