2429103 – (CVE-2025-68797) CVE-2025-68797 kernel: char: applicom: fix NULL pointer dereference in ac_ioctl

Bug 2429103 (CVE-2025-68797) - CVE-2025-68797 kernel: char: applicom: fix NULL pointer dereference in ac_ioctl

Summary: CVE-2025-68797 kernel: char: applicom: fix NULL pointer dereference in ac_ioctl

Keywords:
Status:	NEW
Alias:	CVE-2025-68797
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-13 16:06 UTC by OSIDB Bzimport
Modified:	2026-01-14 23:17 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-13 16:06:56 UTC

In the Linux kernel, the following vulnerability has been resolved:

char: applicom: fix NULL pointer dereference in ac_ioctl

Discovered by Atuin - Automated Vulnerability Discovery Engine.

In ac_ioctl, the validation of IndexCard and the check for a valid
RamIO pointer are skipped when cmd is 6. However, the function
unconditionally executes readb(apbs[IndexCard].RamIO + VERS) at the
end.

If cmd is 6, IndexCard may reference a board that does not exist
(where RamIO is NULL), leading to a NULL pointer dereference.

Fix this by skipping the readb access when cmd is 6, as this
command is a global information query and does not target a specific
board context.

Comment 1 Jon Moroney 2026-01-14 23:13:55 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026011306-CVE-2025-68797-b45e@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.