NULL Pointer Dereference Affecting kernel-64k-devel-matched package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Threat Intelligence

EPSS
0.16% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-KERNEL64KDEVELMATCHED-17774928
  • published2 Jul 2026
  • disclosed1 Jul 2026

Introduced: 1 Jul 2026

NewCVE-2026-53339  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

There is no fixed version for Centos:10 kernel-64k-devel-matched.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-64k-devel-matched package and not the kernel-64k-devel-matched package as distributed by Centos. See How to fix? for Centos:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()

On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device unbinding or driver removal causes a NULL pointer dereference, because cci_halt() is called for all two I2C masters, but a completion is initialized only for the single enabled master:

% rmmod i2c-qcom-cci
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
<snip>
Call trace:
__wait_for_common+0x194/0x1a8 (P)
wait_for_completion_timeout+0x20/0x2c
cci_remove+0xc4/0x138 [i2c_qcom_cci]
platform_remove+0x20/0x30
device_remove+0x4c/0x80
device_release_driver_internal+0x1c8/0x224
driver_detach+0x50/0x98
bus_remove_driver+0x6c/0xbc
driver_unregister+0x30/0x60
platform_driver_unregister+0x14/0x20
qcom_cci_driver_exit+0x18/0x1008 [i2c_qcom_cci]
....

CVSS Base Scores

version 3.1