CVE-2025-37781: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

i2c: cros-ec-tunnel: defer probe if parent EC is not present

When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference.

That can also be reproduced by unbinding the controller driver and then loading i2c-cros-ec-tunnel module (or binding the device).

```
[ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058
[ 271.998215] #PF: supervisor read access in kernel mode
[ 272.003351] #PF: error_code(0x0000) - not-present page
[ 272.008485] PGD 0 P4D 0
[ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI
[ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5
[ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC
[ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021
[ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel]
[ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9
[ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282
[ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000
[ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00
[ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000
[ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000
[ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10
[ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000
[ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0
[ 272.129155] Call Trace:
[ 272.131606] <TASK>
[ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110
[ 272.137985] platform_probe+0x69/0xa0
[ 272.141652] really_probe+0x152/0x310
[ 272.145318] __driver_probe_device+0x77/0x110
[ 272.149678] driver_probe_device+0x1e/0x190
[ 272.153864] __driver_attach+0x10b/0x1e0
[ 272.157790] ? driver_attach+0x20/0x20
[ 272.161542] bus_for_each_dev+0x107/0x150
[ 272.165553] bus_add_driver+0x15d/0x270
[ 272.169392] driver_register+0x65/0x110
[ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698]
[ 272.182617] do_one_initcall+0x110/0x350
[ 272.186543] ? security_kernfs_init_security+0x49/0xd0
[ 272.191682] ? __kernfs_new_node+0x1b9/0x240
[ 272.195954] ? security_kernfs_init_security+0x49/0xd0
[ 272.201093] ? __kernfs_new_node+0x1b9/0x240
[ 272.205365] ? kernfs_link_sibling+0x105/0x130
[ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0
[ 272.214773] ? kernfs_activate+0x57/0x70
[ 272.218699] ? kernfs_add_one+0x118/0x160
[ 272.222710] ? __kernfs_create_file+0x71/0xa0
[ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110
[ 272.232033] ? internal_create_group+0x453/0x4a0
[ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0
[ 272.241355] ? __free_frozen_pages+0x1dc/0x420
[ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0
[ 272.250505] ? load_module+0x1509/0x16f0
[ 272.254431] do_init_module+0x60/0x230
[ 272.258181] __se_sys_finit_module+0x27a/0x370
[ 272.262627] do_syscall_64+0x6a/0xf0
[ 272.266206] ? do_syscall_64+0x76/0xf0
[ 272.269956] ? irqentry_exit_to_user_mode+0x79/0x90
[ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ 272.279887] RIP: 0033:0x7b9309168d39
[ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8
[ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000
```
---truncated---
AI Analysis
Technical Summary
CVE-2025-37781 is a vulnerability identified in the Linux kernel specifically affecting the i2c-cros-ec-tunnel driver. This driver is responsible for communication over the I2C bus with the Chrome OS Embedded Controller (EC). The vulnerability arises when both the i2c-cros-ec-tunnel and the EC driver are built into the kernel (built-in), causing the EC parent device to not be found during the probe phase. This results in a NULL pointer dereference, which is a type of memory access error where the kernel attempts to access memory at a null address, leading to a kernel oops or crash. The issue can also be triggered by unbinding the controller driver and subsequently loading the i2c-cros-ec-tunnel module or binding the device again. The kernel logs show a typical NULL pointer dereference with a supervisor read access fault, indicating a serious kernel-level fault. The root cause is the failure to defer the probe of the i2c-cros-ec-tunnel driver if the parent EC device is not present, leading to unsafe dereferencing of a null pointer. This vulnerability can cause system instability or denial of service (DoS) due to kernel crashes. The vulnerability affects Linux kernel versions containing the affected commit (hash 9d230c9e4f4e67cb1c1cb9e0f6142da16b0f2796) and is relevant to systems using the Chrome OS Embedded Controller interface via the i2c-cros-ec-tunnel driver. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is technical and specific to hardware interfacing subsystems in Linux, particularly in Chrome OS or devices using similar EC implementations.
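The probe-ordering failure described above, as an added userspace model in C (not the kernel's source and not the upstream patch): the oops reports a read at address 0x58, a small offset from a NULL base, and the fix named in the commit title turns that case into a probe deferral that is retried once the parent EC has bound. The struct layouts, `fake_xfer` and `bind_with_retry` are simplified assumptions made for the example; `EPROBE_DEFER` carries the kernel's numeric value.

```c
#include <errno.h>
#include <stdio.h>

#define EPROBE_DEFER 517    /* kernel-internal errno, absent from userspace headers */

/* Simplified stand-ins for the kernel structures (assumed for illustration). */
struct ec_dev { int (*cmd_xfer)(struct ec_dev *ec); };
struct device { struct device *parent; void *drvdata; /* NULL until bound */ };

int fake_xfer(struct ec_dev *ec) { (void)ec; return 0; }

/* Pre-fix shape: assumes the parent EC driver has already bound. */
int tunnel_probe_unpatched(struct device *dev)
{
    struct ec_dev *ec = dev->parent->drvdata;
    if (!ec->cmd_xfer)       /* with ec == NULL this member read is the fault */
        return -EINVAL;
    return 0;
}

/* Post-fix shape: missing parent data means "retry later", not a crash. */
int tunnel_probe_patched(struct device *dev)
{
    struct ec_dev *ec = dev->parent->drvdata;
    if (!ec)
        return -EPROBE_DEFER;
    if (!ec->cmd_xfer)
        return -EINVAL;
    return 0;
}

/* Tiny driver-core model: the parent EC binds at round `ready_after` and a
 * deferred probe is re-run each round. Returns the binding round or -errno. */
int bind_with_retry(struct device *tunnel, struct ec_dev *ec,
                    int ready_after, int max_rounds)
{
    for (int round = 0; round < max_rounds; round++) {
        if (round == ready_after)
            tunnel->parent->drvdata = ec;
        int ret = tunnel_probe_patched(tunnel);
        if (ret != -EPROBE_DEFER)
            return ret == 0 ? round : ret;
    }
    return -EPROBE_DEFER;    /* parent never appeared */
}

int main(void)
{
    struct ec_dev ec = { .cmd_xfer = fake_xfer };
    struct device parent = { 0 }, tunnel = { .parent = &parent };
    printf("first probe: %d\n", tunnel_probe_patched(&tunnel));
    printf("bound on round: %d\n", bind_with_retry(&tunnel, &ec, 2, 5));
    return 0;
}
```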
Potential Impact
For European organizations, the impact of CVE-2025-37781 primarily concerns systems running Linux kernels with built-in i2c-cros-ec-tunnel and EC drivers, which are typical in Chrome OS devices or specialized hardware platforms using embedded controllers for power management and security functions. The vulnerability can lead to kernel crashes resulting in denial of service, which could disrupt critical operations, especially in environments relying on Linux-based embedded systems or Chrome OS devices for endpoint computing. While the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability can cause operational downtime, data loss, or interruption of services. This is particularly relevant for sectors such as manufacturing, telecommunications, and public services that may use embedded Linux devices. Additionally, the inability to properly probe the EC device could impact device management and security features tied to the EC, potentially weakening device integrity. Given the kernel-level nature of the fault, recovery may require system reboots or kernel updates, which could be disruptive in production environments. However, since exploitation requires specific hardware configurations and driver states, the scope is somewhat limited but still significant for affected device users in Europe.
Mitigation Recommendations
Mitigation should focus on applying the official Linux kernel patches that address the probe deferral logic in the i2c-cros-ec-tunnel driver to ensure the EC parent device presence is correctly checked before dereferencing pointers. Organizations should:

1) Identify all Linux systems running kernels with the affected commit or versions and verify if they use the i2c-cros-ec-tunnel and EC drivers, especially in built-in configurations.
2) Update Linux kernels to the latest stable releases where this vulnerability is fixed.
3) For systems where kernel updates are not immediately feasible, avoid unbinding and rebinding the controller driver or loading the i2c-cros-ec-tunnel module dynamically, as this can trigger the fault.
4) Implement monitoring for kernel oops or crashes related to i2c-cros-ec-tunnel to detect potential exploitation or accidental triggers.
5) For Chrome OS devices, ensure firmware and OS updates are applied promptly.
6) In environments using embedded Linux devices, coordinate with hardware vendors to confirm patched firmware and kernel versions.
7) Establish incident response plans to handle potential denial of service events caused by this vulnerability.

These steps go beyond generic advice by focusing on hardware-specific driver configurations and operational practices to reduce risk.
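For the monitoring recommendation above, an added example (not part of the original advisory) that matches this CVE's oops signature in a kernel log: a NULL-dereference `BUG:` line whose first following `RIP:` line is inside the module. `SAMPLE_LOG` combines four lines from the oops in the description with two constructed unrelated lines, and the function name `oops_in_module` is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Sample input: four lines from the oops in the description, plus two
 * unrelated lines constructed for this example. */
static const char SAMPLE_LOG[] =
    "[ 270.100000] usb 1-1: new high-speed USB device number 4\n"
    "[ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058\n"
    "[ 271.998215] #PF: supervisor read access in kernel mode\n"
    "[ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel]\n"
    "[ 272.283466] RIP: 0033:0x7b9309168d39\n"
    "[ 300.000000] EXT4-fs (sda1): mounted filesystem\n";

/* Returns 1 if `log` holds a NULL-dereference oops whose first RIP line is in
 * `module`; the faulting symbol (e.g. "ec_i2c_probe") is copied into `sym`. */
int oops_in_module(const char *log, const char *module, char *sym, size_t n)
{
    char tag[64];
    int armed = 0;                        /* set once the BUG: line was seen */
    snprintf(tag, sizeof tag, "[%s", module);
    size_t t = strlen(tag);

    for (const char *line = log; *line; ) {
        size_t len = strcspn(line, "\n");
        char buf[256];
        size_t copy = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, line, copy);
        buf[copy] = '\0';

        const char *rip = strstr(buf, "RIP: ");
        if (strstr(buf, "BUG: kernel NULL pointer dereference")) {
            armed = 1;
        } else if (armed && rip) {
            armed = 0;                    /* only the first RIP after BUG: counts */
            const char *s = strchr(rip + 5, ':');     /* skip the code selector */
            const char *plus = s ? strchr(s, '+') : NULL;
            const char *m = plus ? strstr(plus, tag) : NULL;
            if (m && (m[t] == ']' || m[t] == ' ')) {  /* "[mod]" or "[mod <id>]" */
                snprintf(sym, n, "%.*s", (int)(plus - s - 1), s + 1);
                return 1;
            }
        }
        line += len + (line[len] == '\n');
    }
    return 0;
}

int main(void)
{
    char sym[32];
    if (oops_in_module(SAMPLE_LOG, "i2c_cros_ec_tunnel", sym, sizeof sym))
        printf("oops in i2c_cros_ec_tunnel at %s\n", sym);
    return 0;
}
```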
Affected Countries
Germany, France, United Kingdom, Netherlands, Finland, Sweden, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-04-16T04:51:23.940Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe83e5
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 7/3/2025, 11:13:36 PM
Last updated: 8/5/2025, 7:35:44 AM