{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T18:13:11.658","vulnerabilities":[{"cve":{"id":"CVE-2025-21902","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-01T16:15:20.650","lastModified":"2025-10-31T18:51:38.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: typec: ucsi: Introduce a ->poll_cci method\n\nFor the ACPI backend of UCSI the UCSI \"registers\" are just a memory copy\nof the register values in an opregion. The ACPI implementation in the\nBIOS ensures that the opregion contents are synced to the embedded\ncontroller and it ensures that the registers (in particular CCI) are\nsynced back to the opregion on notifications. While there is an ACPI call\nthat syncs the actual registers to the opregion there is rarely a need to\ndo this and on some ACPI implementations it actually breaks in various\ninteresting ways.\n\nThe only reason to force a sync from the embedded controller is to poll\nCCI while notifications are disabled. Only the ucsi core knows if this\nis the case and guessing based on the current command is suboptimal, i.e.\nleading to the following spurious assertion splat:\n\nWARNING: CPU: 3 PID: 76 at drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi]\nCPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 Not tainted 6.12.11-200.fc41.x86_64 #1\nHardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 03/17/2023\nWorkqueue: events_long ucsi_init_work [typec_ucsi]\nRIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi]\nCall Trace:\n \n ucsi_init_work+0x3c/0xac0 [typec_ucsi]\n process_one_work+0x179/0x330\n worker_thread+0x252/0x390\n kthread+0xd2/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \n\nThus introduce a ->poll_cci() method that works like ->read_cci() with an\nadditional forced sync and document that this should be used when polling\nwith notifications disabled. For all other backends that presumably don't\nhave this issue use the same implementation for both methods."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: acpi: typec: ucsi: Introducir un método ->poll_cci. Para el backend ACPI de UCSI, los \"registros\" UCSI son simplemente una copia en memoria de los valores de registro en una región operativa. La implementación de ACPI en la BIOS garantiza que el contenido de la región operativa se sincronice con el controlador integrado y que los registros (en particular, CCI) se sincronicen con la región operativa en las notificaciones. Si bien existe una llamada ACPI que sincroniza los registros con la región operativa, rara vez es necesario hacerlo y, en algunas implementaciones de ACPI, falla de diversas maneras interesantes. La única razón para forzar una sincronización desde el controlador integrado es sondear CCI mientras las notificaciones están deshabilitadas. Solo el núcleo ucsi sabe si este es el caso y las suposiciones basadas en el comando actual no son óptimas, es decir, conducen al siguiente mensaje de afirmación falsa: ADVERTENCIA: CPU: 3 PID: 76 en drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] CPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 No contaminado 6.12.11-200.fc41.x86_64 #1 Nombre del hardware: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 17/03/2023 Cola de trabajo: events_long ucsi_init_work [typec_ucsi] RIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] Seguimiento de llamadas: ucsi_init_work+0x3c/0xac0 [typec_ucsi] process_one_work+0x179/0x330 workers_thread+0x252/0x390 kthread+0xd2/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 Por lo tanto, introduzca un método ->poll_cci() que funcione como ->read_cci() con una sincronización forzada adicional y documente que debe usarse al sondear con las notificaciones deshabilitadas. Para todos los demás backends que presumiblemente no presenten este problema, utilice la misma implementación para ambos métodos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.5","versionEndExcluding":"6.12.19","matchCriteriaId":"32C54FE1-D058-4565-9F5B-4B599C9615BF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.7","matchCriteriaId":"842F5A44-3E71-4546-B4FD-43B0ACE3F32B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*","matchCriteriaId":"186716B6-2B66-4BD0-852E-D48E71C0C85F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*","matchCriteriaId":"0D3E781C-403A-498F-9DA9-ECEE50F41E75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*","matchCriteriaId":"66619FB8-0AAF-4166-B2CF-67B24143261D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*","matchCriteriaId":"D3D6550E-6679-4560-902D-AF52DCFE905B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*","matchCriteriaId":"45B90F6B-BEC7-4D4E-883A-9DBADE021750"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/012b98cdb54c7d47743ee7fc402fa23f2d90529a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1aec5c9066965ac0984e385bbc31455ae31cbffc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/976e7e9bdc7719a023a4ecccd2e3daec9ab20a40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}