CVE-2025-68303

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: intel: punit_ipc: fix memory corruption

This passes the address of the pointer "&punit_ipcdev" when the intent
was to pass the pointer itself "punit_ipcdev" (without the ampersand).
This means that the:

	complete(&ipcdev->cmd_complete);

in intel_punit_ioc() will write to a wrong memory address corrupting it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/15d560cdf5b36c51fffec07ac2a983ab3bff4cb2
https://git.kernel.org/stable/c/3e7442c5802146fd418ba3f68dcb9ca92b5cec83
https://git.kernel.org/stable/c/46e9d6f54184573dae1dcbcf6685a572ba6f4480
https://git.kernel.org/stable/c/9b9c0adbc3f8a524d291baccc9d0c04097fb4869
https://git.kernel.org/stable/c/a21615a4ac6fecbb586d59fe2206b63501021789
https://git.kernel.org/stable/c/c2ee6d38996775a19bfdf20cb01a9b8698cb0baa