Impact
A null pointer dereference in the ps883x Type‑C controller driver causes a kernel Oops when a device is unbound. This bug originates from a missing call to i2c_set_clientdata() during probe, leading ps883x_retimer_remove() to read a null pointer and crash the kernel. The crash effectively denies service to the affected system.
Affected Systems
Any Linux kernel build that includes the ps883x driver before the commit adding i2c_set_clientdata() is vulnerable. The example demonstrates the issue on a 7.0.0-rc3 kernel but the flaw affects all earlier kernels containing the unpatched driver. Systems that have upgraded to a kernel version incorporating the fix are not impacted.
Risk and Exploitability
The CVSS score of 5.5 indicates a moderate severity. The EPSS score of < 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in CISA KEV, implying no widely known exploits. Based on the description, it is inferred that the attack vector is local and requires write access to /sys/bus/platform/devices/*/driver/unbind, typically achievable only by root or a process with CAP_SYS_MODULE. A successful exploitation results in an Oops caused by a null pointer dereference in ps883x_retimer_remove(), leading to a kernel crash that effectively denies availability.
OpenCVE Enrichment