CVE-2025-68755

Published: January 8, 2026Last modified: January 8, 2026

Description

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e ("staging: most: remove device from interface structure") started requiring drivers to set the interface device pointer before registration, but the I2C driver was never updated which results in a NULL pointer dereference if anyone ever tries to probe it.

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Vulnerable (6.1.159-r0)
	25 LTS	linux-lts	Vulnerable (6.12.61-r0)
	Stream	linux-lts	Vulnerable (6.12.63-r0)

References

https://git.kernel.org/stable/c/495df2da6944477d282d5cc0c13174d06e25b310
https://git.kernel.org/stable/c/6059a66dba7f26b21852831432e17075f1a1c783
https://git.kernel.org/stable/c/6cbba922934805f86eece6ba7010b7201962695d
https://git.kernel.org/stable/c/e463548fd80e779efea1cb2d3049b8a7231e6925