CVE-2025-68303
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel: punit_ipc: fix memory corruption
This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). This means that the:
complete(&ipcdev->cmd_complete);
in intel_punit_ioc() will write to a wrong memory address corrupting it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in the Linux kernel's Intel P-Unit IPC driver due to passing the address of a pointer instead of the pointer itself, leading to writes to an incorrect memory location.
Root Cause
The vulnerability resides in the intel_punit_ipc driver. In the code path that handles IPC command completion, the address of the pointer &punit_ipcdev is passed instead of the pointer punit_ipcdev itself. This causes the complete(&ipcdev->cmd_complete) call in intel_punit_ioc() to write to a wrong memory address, corrupting kernel memory [1][2][3].
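The type erasure behind this bug, as an added user-space example (not the kernel driver's code): the handler receives its context as void *, so both &punit_ipcdev and punit_ipcdev compile without complaint. The struct layouts, struct globals, struct result and run_handler() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified user-space stand-ins for the kernel types; layouts are assumed. */
struct completion { unsigned int done; };
struct ipc_dev { void *base[4]; struct completion cmd_complete; };
struct globals {                    /* hypothetical memory around the global */
    struct ipc_dev *punit_ipcdev;   /* the global device pointer */
    unsigned char neighbours[64];   /* unrelated data located after it */
};
struct result { unsigned int done; int corrupted_bytes; };

/* Stand-in for complete(): bump the counter. memcpy keeps this model well
 * defined even when c does not point into a real struct ipc_dev. */
static void complete(struct completion *c)
{
    unsigned int done;
    memcpy(&done, c, sizeof done);
    done++;
    memcpy(c, &done, sizeof done);
}

/* Same shape as the handler in the description: context arrives as void *. */
static void intel_punit_ioc(void *dev_id)
{
    struct ipc_dev *ipcdev = dev_id;
    complete(&ipcdev->cmd_complete);
}

/* Fires the handler once; nonzero argument reproduces the &punit_ipcdev bug. */
struct result run_handler(int pass_address_of_pointer)
{
    struct ipc_dev dev = {0};
    struct globals g = { .punit_ipcdev = &dev }, before;
    int bad = 0;
    void *dev_id = g.punit_ipcdev;       /* fixed: the pointer itself */
    if (pass_address_of_pointer)
        dev_id = &g.punit_ipcdev;        /* buggy: converts to void * silently */
    before = g;
    intel_punit_ioc(dev_id);
    for (size_t i = 0; i < sizeof g.neighbours; i++)
        bad += g.neighbours[i] != before.neighbours[i];
    return (struct result){ dev.cmd_complete.done, bad };
}

int main(void)
{
    printf("neighbour bytes corrupted, buggy vs fixed: %d vs %d\n",
           run_handler(1).corrupted_bytes, run_handler(0).corrupted_bytes);
    return 0;
}
```

In the buggy case the device's own completion counter never moves, so a waiter on it is never signalled, while a byte of unrelated neighbouring data changes instead.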
Exploitation
An attacker with local access and the ability to interact with the Intel P-Unit IPC interface (e.g., through a device file or kernel API) could trigger this bug. The exact prerequisites are not detailed, but the corruption occurs during normal IPC completion handling, making it reachable from code paths that submit IPC commands.
Impact
Memory corruption can lead to system instability, denial of service (kernel panic), or potentially privilege escalation if the corrupted memory region contains security-critical data or function pointers.
Mitigation
The fix was applied in the mainline kernel and backported to stable branches. Users should update to a kernel version containing the commit that passes the pointer itself instead of its address. The stable backports are referenced in [1], [2], and [3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 6
- git.kernel.org/stable/c/15d560cdf5b36c51fffec07ac2a983ab3bff4cb2 (nvd)
- git.kernel.org/stable/c/3e7442c5802146fd418ba3f68dcb9ca92b5cec83 (nvd)
- git.kernel.org/stable/c/46e9d6f54184573dae1dcbcf6685a572ba6f4480 (nvd)
- git.kernel.org/stable/c/9b9c0adbc3f8a524d291baccc9d0c04097fb4869 (nvd)
- git.kernel.org/stable/c/a21615a4ac6fecbb586d59fe2206b63501021789 (nvd)
- git.kernel.org/stable/c/c2ee6d38996775a19bfdf20cb01a9b8698cb0baa (nvd)