CVE-2025-68755 Overview
A NULL pointer dereference vulnerability exists in the Linux kernel's MOST (Media Oriented Systems Transport) I2C driver within the staging subsystem. The vulnerability stems from a broken driver implementation that has been non-functional for approximately five years. Specifically, the driver fails to set the interface device pointer before registration, which was required after commit 723de0f9171e ("staging: most: remove device from interface structure"). If the I2C driver is probed, this results in a NULL pointer dereference.
Critical Impact
Attempting to probe the MOST I2C driver triggers a NULL pointer dereference, potentially causing kernel panic and system denial of service.
Affected Products
- Linux Kernel (staging/most subsystem)
- Systems with MOST I2C driver enabled in kernel configuration
Discovery Timeline
- 2026-01-05 - CVE CVE-2025-68755 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2025-68755
Vulnerability Analysis
This vulnerability is a NULL Pointer Dereference within the Linux kernel's staging driver subsystem. The MOST I2C driver became broken following an architectural change introduced in commit 723de0f9171e, which modified the interface structure requirements. After this change, drivers were required to set the interface device pointer before calling the registration function. However, the MOST I2C driver was never updated to comply with this new requirement.
The vulnerability remained latent for approximately five years, indicating the driver had minimal practical usage. When the driver is probed (during device initialization or hot-plug events), the kernel attempts to access the uninitialized device pointer, resulting in a NULL pointer dereference that crashes the kernel.
Root Cause
The root cause is a missing initialization step in the MOST I2C driver. After the changes introduced by commit 723de0f9171e, all drivers using the MOST interface structure were required to populate the device pointer field before registration. The I2C driver implementation did not include this initialization, leaving the pointer as NULL. When kernel code subsequently attempts to dereference this pointer during driver operations, the NULL access triggers a kernel fault.
Attack Vector
The attack vector for this vulnerability is local and requires specific conditions to be met:
- The target system must have the MOST I2C driver compiled into the kernel or loaded as a module
- An I2C device matching the driver must be present or be simulated
- The driver probe function must be invoked through device enumeration
While exploitation requires local access and specific hardware/configuration conditions, successful triggering of the vulnerability results in a kernel panic, causing complete system unavailability. The vulnerability is primarily a reliability and availability issue rather than a confidentiality or integrity concern.
The NULL pointer dereference occurs when the registration code path attempts to access the interface device pointer that was never set during driver initialization. This missing initialization was an oversight when API requirements changed, breaking the driver silently until probe is attempted.
Detection Methods for CVE-2025-68755
Indicators of Compromise
- Kernel panic or oops messages referencing the most_i2c driver or staging/most subsystem
- System crashes during I2C device enumeration or hot-plug events
- Kernel log entries showing NULL pointer dereference stack traces with MOST-related functions
- Unexpected system reboots on systems with MOST hardware or configuration enabled
Detection Strategies
- Monitor kernel logs (dmesg, /var/log/kern.log) for NULL pointer dereference errors in staging/most code paths
- Check loaded kernel modules for most_i2c or related MOST staging drivers using lsmod
- Review kernel configuration to determine if CONFIG_MOST_I2C is enabled
- Use kernel tracing tools to monitor for faults in the staging/most driver subsystem
Monitoring Recommendations
- Configure kernel crash dump collection (kdump) to capture diagnostic information if NULL pointer dereference occurs
- Implement automated kernel log monitoring for staging driver errors
- Monitor system availability metrics to detect unexpected crashes that may indicate exploitation attempts
- Review kernel module load events for MOST-related drivers
How to Mitigate CVE-2025-68755
Immediate Actions Required
- Apply the kernel patches that remove the broken MOST I2C driver from the staging tree
- If patching is not immediately possible, blacklist the most_i2c module to prevent loading
- Review system configurations to identify if MOST I2C functionality is required
- Update to a patched kernel version that includes the driver removal
Patch Information
The Linux kernel maintainers have resolved this vulnerability by completely removing the broken MOST I2C driver from the staging subsystem. The patches are available from the kernel git repository:
Organizations should update to kernel versions that include these commits to permanently resolve the vulnerability.
Workarounds
- Blacklist the MOST I2C kernel module by adding blacklist most_i2c to /etc/modprobe.d/blacklist.conf
- Recompile the kernel with CONFIG_MOST_I2C=n to exclude the vulnerable driver
- Remove the most_i2c.ko module file from the system if present
- Prevent module auto-loading by adding install most_i2c /bin/false to modprobe configuration
# Blacklist the vulnerable MOST I2C driver
echo "blacklist most_i2c" >> /etc/modprobe.d/blacklist-most.conf
echo "install most_i2c /bin/false" >> /etc/modprobe.d/blacklist-most.conf
# Verify the module is not currently loaded
lsmod | grep most
# If loaded, attempt to remove (may fail if in use)
rmmod most_i2c 2>/dev/null
# Update initramfs to apply blacklist at boot
update-initramfs -u
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
