Impact
A null pointer dereference occurs in the Qualcomm CCI driver when it is removed from the system while only one I²C master is active. The driver calls cci_halt() for both masters but the completion object for the inactive master has never been initialized, causing a dereference of a NULL pointer. The kernel therefore panics with a null pointer exception at address 0, which requires a system reboot to recover. The flaw is purely a local denial‑of‑service that impacts system stability and availability.
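The pattern described above, as a user-space C model added here for illustration; it is not the kernel driver's code, and the guard it shows is an assumed mitigation, not the content of the fix commit. All `model_*` names, the struct layout and the sample input are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NUM_MASTERS 2

/* Hypothetical stand-in for a kernel completion: waitq stays NULL
 * until the master that owns it is set up during probe. */
struct model_completion { int *waitq; int done; };
struct model_master { bool active; struct model_completion irq_complete; };
struct model_cci { struct model_master master[NUM_MASTERS]; int waitq_storage[NUM_MASTERS]; };

/* Probe: zero the state, then initialize only the masters marked active. */
static void model_probe(struct model_cci *cci, const bool active[NUM_MASTERS])
{
    memset(cci, 0, sizeof(*cci));
    for (int i = 0; i < NUM_MASTERS; i++) {
        cci->master[i].active = active[i];
        if (active[i])
            cci->master[i].irq_complete.waitq = &cci->waitq_storage[i];
    }
}

/* Halt one master. Returns false at the point where an uninitialized
 * completion would be dereferenced (the model reports it, not crashes). */
static bool model_halt(struct model_master *m)
{
    if (m->irq_complete.waitq == NULL)
        return false;
    *m->irq_complete.waitq += 1;   /* touch the wait queue */
    m->irq_complete.done = 1;
    return true;
}

/* Remove path. guard=false halts every master (the flawed pattern);
 * guard=true skips masters never set up. Returns the number of faults. */
static int model_remove(struct model_cci *cci, bool guard)
{
    int faults = 0;
    for (int i = 0; i < NUM_MASTERS; i++) {
        if (guard && !cci->master[i].active)
            continue;
        if (!model_halt(&cci->master[i]))
            faults++;
    }
    return faults;
}
```
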
Affected Systems
Linux kernels that include the i2c‑qcom‑cci module before the commit addressing this issue are affected. All distributions shipping a kernel that contains the unpatched Qualcomm CCI driver, regardless of version, are vulnerable, since the flaw exists in the source tree and is not tied to a specific release. The risk applies to any system that loads this module and on which a user holds the privilege to remove it.
Risk and Exploitability
The CVSS score of 5.5 classifies the vulnerability as medium severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, implying no widely known exploitation. Exploitation requires local access with the privilege to unload kernel modules (root or CAP_SYS_MODULE). An attacker who can execute a command such as rmmod i2c‑qcom‑cci can trigger the crash, leading to a kernel panic and a denial of service until the system is rebooted. No remote or automatic exploitation vector is documented in the data.