logo_clicknbuy.png

CVE-2025-21685 – Lenovo Yoga Tab 2 Pro 1380 Fastcharger Serdev NULL Pointer Dereference Vulnerability

The following table lists the changes that have been made to the
CVE-2025-21685 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 09, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race

    The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open()
    before setting the client ops via serdev_device_set_client_ops(). This
    ordering can trigger a NULL pointer dereference in the serdev controller’s
    receive_buf handler, as it assumes serdev->ops is valid when
    SERPORT_ACTIVE is set.

    This is similar to the issue fixed in commit 5e700b384ec1
    (“platform/chrome: cros_ec_uart: properly fix race condition”) where
    devm_serdev_device_open() was called before fully initializing the
    device.

    Fix the race by ensuring client ops are set before enabling the port via
    devm_serdev_device_open().

    Note, serdev_device_set_baudrate() and serdev_device_set_flow_control()
    calls should be after the devm_serdev_device_open() call.
    Added Reference https://git.kernel.org/stable/c/3f67e07873df3c6d9ce2582260b83732e1d3a40b
    Added Reference https://git.kernel.org/stable/c/59616a91e5e74833b2008b56c66879857c616006
Share the Post:

Related Posts