CVE-2025-68167 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: fix invalid pointer access in debugfs

If the memory allocation in gpiolib_seq_start() fails, the s->private
field remains uninitialized and is later dereferenced without checking
in gpiolib_seq_stop(). Initialize s->private to NULL before calling
kzalloc() and check it before dereferencing it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2f6115ad8864cf3f48598f26c74c7c8e5c391919
https://git.kernel.org/stable/c/3c91c8f424d3e44c8645ab765a38773e58afb07d
https://git.kernel.org/stable/c/70180a6031056096c93ed2f47c41803268bdd91c

History

Tue, 16 Dec 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolib_seq_start() fails, the s->private field remains uninitialized and is later dereferenced without checking in gpiolib_seq_stop(). Initialize s->private to NULL before calling kzalloc() and check it before dereferencing it.
Title		gpiolib: fix invalid pointer access in debugfs
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2f6115ad8864cf3f48598f26c74c7c8e5c391919 https://git.kernel.org/stable/c/3c91c8f424d3e44c8645ab765a38773e58afb07d https://git.kernel.org/stable/c/70180a6031056096c93ed2f47c41803268bdd91c

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-16T13:42:47.480Z

Updated: 2025-12-16T13:42:47.480Z

Reserved: 2025-12-16T13:41:40.250Z

Link: CVE-2025-68167

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-16T14:15:48.540

Modified: 2025-12-16T14:15:48.540

Link: CVE-2025-68167

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68167", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.250Z", "datePublished": "2025-12-16T13:42:47.480Z", "dateUpdated": "2025-12-16T13:42:47.480Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-16T13:42:47.480Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix invalid pointer access in debugfs\n\nIf the memory allocation in gpiolib_seq_start() fails, the s->private\nfield remains uninitialized and is later dereferenced without checking\nin gpiolib_seq_stop(). Initialize s->private to NULL before calling\nkzalloc() and check it before dereferencing it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpio/gpiolib.c"], "versions": [{"version": "e348544f7994d252427ed3ae637c7081cbb90f66", "lessThan": "70180a6031056096c93ed2f47c41803268bdd91c", "status": "affected", "versionType": "git"}, {"version": "e348544f7994d252427ed3ae637c7081cbb90f66", "lessThan": "3c91c8f424d3e44c8645ab765a38773e58afb07d", "status": "affected", "versionType": "git"}, {"version": "e348544f7994d252427ed3ae637c7081cbb90f66", "lessThan": "2f6115ad8864cf3f48598f26c74c7c8e5c391919", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpio/gpiolib.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.58", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.58"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/70180a6031056096c93ed2f47c41803268bdd91c"}, {"url": "https://git.kernel.org/stable/c/3c91c8f424d3e44c8645ab765a38773e58afb07d"}, {"url": "https://git.kernel.org/stable/c/2f6115ad8864cf3f48598f26c74c7c8e5c391919"}], "title": "gpiolib: fix invalid pointer access in debugfs", "x_generator": {"engine": "bippy-1.2.0"}}}}