Null Pointer Dereference Vulnerability in Linux Kernel vsock
CVE-2025-21666

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 31 January 2025

Summary

A vulnerability has been identified in the Linux kernel related to the vsock implementation, where certain functions can be invoked on de-assigned vsock sockets. This might lead to null pointer dereference issues when checking for data availability. The recent changes ensure that instead of dereferencing a null pointer, the system now returns zero while logging a warning for debugging purposes. This design aims to preserve the operational integrity of the kernel while addressing potential future instances of similar vulnerabilities.

Affected Version(s)

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

References

https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff...

https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c88...

https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd48...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Dec 29, 2024