Impact
A missing or uninitialized reset operations table in the Amlogic t7 reset driver causes the kernel to dereference a null pointer when the reset subsystem is invoked. This triggers a kernel panic, rendering the entire system unavailable. The flaw is an instance of CWE-824 (Improper Pointer Initialization).
Affected Systems
The vulnerability affects Linux kernel configurations that include the Amlogic t7 reset driver. It was discovered in the driver that manages the reset controller on the Amlogic t7 SoC. No specific kernel version is listed in the advisory, so any kernel build containing the unpatched reset subsystem for this SoC is vulnerable. Vendors shipping Linux images for devices based on the Amlogic t7 should verify whether the reset controller is enabled and unpatched.
Risk and Exploitability
The EPSS score is under 1% and the vulnerability is not in the CISA KEV catalog, indicating that active exploitation is unlikely at present. The reset functionality on the Amlogic t7 is currently unused, so the likely attack vector would require an attacker with privileged local access capable of invoking the reset subsystem, or activation of reset support in a future kernel release. The lack of public exploits and low EPSS score suggest a low to moderate risk until the feature is exposed, at which point immediate patching would be recommended.
OpenCVE Enrichment