CVE-2025-21695
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2025-21695 affects the Linux kernel's Dell UART backlight driver. The flaw is the order of calls in dell_uart_bl_serdev_probe(): devm_serdev_device_open() is called before the client ops are set, which can lead to a NULL pointer dereference in the serdev controller's receive_buf handler. This is similar to an issue resolved in commit 5e700b384ec1, where the same call order caused problems in the Chrome EC UART driver. The fix closes the race condition by setting the client ops before enabling the port via devm_serdev_device_open(). serdev_device_set_baudrate() and serdev_device_set_flow_control() must still be called after devm_serdev_device_open().
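The ordering problem described above, as an added userspace C model (not the kernel driver's code). The names struct serdev_model, controller_rx(), model_open(), bl_receive() and the two probe functions are hypothetical, and the return value -1 is an assumption that stands in for the point where the kernel would dereference the NULL ops pointer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the probe-ordering race; all names are hypothetical. */
struct client_ops { size_t (*receive_buf)(const unsigned char *buf, size_t n); };
struct serdev_model {
    const struct client_ops *ops; /* NULL until the driver sets client ops */
    bool port_open;
};

/* Controller receive path; -1 marks where the kernel would dereference NULL ops. */
static int controller_rx(struct serdev_model *s, const unsigned char *buf, size_t n)
{
    if (!s->port_open) return 0; /* port not enabled: nothing is delivered */
    if (!s->ops) return -1;      /* assumption: stands in for the oops */
    return (int)s->ops->receive_buf(buf, n);
}

/* Stands in for devm_serdev_device_open(): pending data may arrive at once. */
static int model_open(struct serdev_model *s, bool rx_pending)
{
    static const unsigned char byte[] = { 0x00 }; /* constructed sample input */
    s->port_open = true;
    return rx_pending ? controller_rx(s, byte, 1) : 0;
}

static size_t bl_receive(const unsigned char *buf, size_t n) { (void)buf; return n; }
static const struct client_ops bl_ops = { .receive_buf = bl_receive };
int probe_open_first(bool rx_pending) /* ordering before the fix */
{
    struct serdev_model s = { 0 };
    int r = model_open(&s, rx_pending); /* port live while ops is still NULL */
    s.ops = &bl_ops;                    /* too late for data already delivered */
    return r;
}

int probe_ops_first(bool rx_pending) /* ordering after the fix */
{
    struct serdev_model s = { .ops = &bl_ops };
    return model_open(&s, rx_pending);
}

int main(void)
{
    printf("open first: %d\n", probe_open_first(true)); /* fault marker */
    printf("ops first:  %d\n", probe_ops_first(true));  /* bytes consumed */
    return 0;
}
```

In this model both orderings return 0 when rx_pending is false, so the fault appears only when data arrives in the window between opening the port and setting the ops.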
Affected Products
- Linux Kernel
Affected Vendors
- LINUX