CVE-2025-23147: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-23147 is a vulnerability discovered in the Linux kernel's I3C master driver implementation. The issue was first reported and published to the CVE List on May 1, 2025. The vulnerability specifically affects the i3cmasterqueue_ibi() function in the Linux kernel's I3C subsystem (NVD Database, Debian Tracker).

The vulnerability occurs when the I3C master driver receives an In-Band Interrupt (IBI) from a target device that has not been fully probed. When the master calls i3c_master_queue_ibi() to queue an IBI work task, it can lead to an "Unable to handle kernel read from unreadable memory" error and subsequently result in a kernel panic. This happens because target device events are asynchronous to the I3C probe sequence, allowing step 3 to occur before step 2, which causes dev->ibi to be NULL (NVD Database).

The vulnerability can result in a kernel panic, which leads to system instability and potential denial of service. This affects the overall system reliability and availability, particularly in environments where I3C devices are actively used (NVD Database).

The vulnerability has been resolved by adding a NULL pointer check in the i3cmasterqueue_ibi() function to prevent accessing an uninitialized dev->ibi. This fix ensures system stability by properly handling cases where IBIs are received from unprobed devices (NVD Database).