CVE-2025-68755

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: most: remove broken i2c driver

The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging.

Specifically, commit 723de0f9171e ("staging: most: remove device from interface structure") started requiring drivers to set the interface device pointer before registration, but the I2C driver was never updated which results in a NULL pointer dereference if anyone ever tries to probe it.

References

https://git.kernel.org/stable/c/e463548fd80e779efea1cb2d3049b8a7231e6925

https://git.kernel.org/stable/c/6cbba922934805f86eece6ba7010b7201962695d

https://git.kernel.org/stable/c/6059a66dba7f26b21852831432e17075f1a1c783

https://git.kernel.org/stable/c/495df2da6944477d282d5cc0c13174d06e25b310

Details

Source: Mitre, NVD

Published: 2026-01-05

Updated: 2026-01-11

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00017