CVE-2025-37972

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37972
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37972.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37972
Downstream
Related
Published
2025-05-20T16:47:18.481Z
Modified
2025-11-28T02:34:33.180649Z
Summary
Input: mtk-pmic-keys - fix possible null pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

Input: mtk-pmic-keys - fix possible null pointer dereference

In mtkpmickeys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer.

Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37972.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b581acb49aec5c3b0af9ab1c537fb73481b79069
Fixed
334d74a798463ceec02a41eb0e2354aaac0d6249
Fixed
90fa6015ff83ef1c373cc61b7c924ab2bcbe1801
Fixed
619c05fb176c272ac6cecf723446b39723ee6d97
Fixed
09429ddb5a91e9e8f72cd18c012ec4171c2f85ec
Fixed
11cdb506d0fbf5ac05bf55f5afcb3a215c316490

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.139
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.91
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.29
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.7