Null Pointer Dereference Vulnerability in Linux Kernel vsock Related Functions
CVE-2025-21670

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
31 January 2025

What is CVE-2025-21670?

A vulnerability in the Linux kernel's vsock handling can cause a null pointer dereference when a socket has no transport assigned. If a socket is left in a state where the transport is not set, such as after a connection failure, later operations on it may lead to unsafe kernel operations. The flaw can be triggered in various situations, particularly during socket message retrieval, and poses a risk of system instability and unexpected behavior. To mitigate this risk, the vsock code paths must check that a transport is assigned before using it.

Affected Version(s)

Linux 634f1a7110b439c65fd8a809171c1d2d28bcea6f < 58e586c30d0b6f5dc0174a41026f2b0a48c9aab6

Linux 634f1a7110b439c65fd8a809171c1d2d28bcea6f < 6771e1279dadf1d92a72e1465134257d9e6f2459

Linux 634f1a7110b439c65fd8a809171c1d2d28bcea6f

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
