CVE-2025-71193

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> phy: qcom-qusb2: Fix NULL pointer dereference on early suspend<br /> <br /> Enabling runtime PM before attaching the QPHY instance as driver data<br /> can lead to a NULL pointer dereference in runtime PM callbacks that<br /> expect valid driver data. There is a small window where the suspend<br /> callback may run after PM runtime enabling and before runtime forbid.<br /> This causes a sporadic crash during boot:<br /> <br /> ```<br /> Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1<br /> [...]<br /> CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT<br /> Workqueue: pm pm_runtime_work<br /> pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]<br /> lr : pm_generic_runtime_suspend+0x2c/0x44<br /> [...]<br /> ```<br /> <br /> Attach the QPHY instance as driver data before enabling runtime PM to<br /> prevent NULL pointer dereference in runtime PM callbacks.<br /> <br /> Reorder pm_runtime_enable() and pm_runtime_forbid() to prevent a<br /> short window where an unnecessary runtime suspend can occur.<br /> <br /> Use the devres-managed version to ensure PM runtime is symmetrically<br /> disabled during driver removal for proper cleanup.