CVE-2025-23136

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Apr 16, 2025

Updated: Apr 29, 2025

CWE ID 476

Summary

CVE-2025-23136 is a vulnerability discovered in the Linux kernel's int340x thermal driver. The issue arises when the adev variable, which might be NULL due to the absence of an ACPI companion fwnode, is not checked properly before being used in int3402_thermal_probe(). This condition can potentially lead to a NULL pointer dereference. To mitigate this, a check for adev not being set has been implemented, and in case of NULL adev, the function returns -ENODEV to prevent any further processing. This issue is similar to another fix made in commit cd2fd6eab480. The int3400_thermal_probe() function under the same directory already has such a check in place.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-23136

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations